On Mon, 04 Jul 2005 14:07:37 EDT, Hector Santos said:
> The same is true with the client domain name (HELO/EHLO). If a server's
> local domain name is used and the IP address is unrecognized, then this is
> a clear, 100% detectable, indisputable SPOOF. There is no LMAP forwarding
> issue here.

There's no forwarding issue because the parameter of HELO/EHLO isn't used
for forwarding decisions.
I'm curious how you arrived at "100% SPOOF" - are you *positive* that out of all
the mail software out there (including all the products that get simple stuff
like a space between : and < on a MAIL FROM wrong), *NONE* ever does the
following:
1) Figure out its IP address that it just got handed by DHCP.
2) Try to look up the PTR to get its hostname, and fail to get a valid answer.
3) Send the preconfigured 'SMTP Smarthost' name on the HELO, just because we
know it and it's handy, and the programmer didn't know about
'HELO [i.p.add.ress]'.
Sure, it's *LIKELY* to be a spoof, but:
1) It isn't a *positive* proof.
2) As a result, bouncing mail because of a failure is quite the anti-social
thing to do.
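
The HELO check discussed in this message, as an added example that is not part of the original post or of any mail server's code. LOCAL_NAMES, LOCAL_NETS, the function names and the sample sessions are assumptions constructed for illustration; the function returns a verdict only and leaves the reject/tag/score decision to local policy.

```python
import ipaddress

# Assumed local configuration (constructed values, not from the thread).
LOCAL_NAMES = {"example.org", "mail.example.org"}
LOCAL_NETS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.0.2.0/24")]

def parse_helo(arg):
    """Split a HELO/EHLO argument into ('literal', ip), ('name', host) or ('invalid', raw)."""
    arg = arg.strip()
    if arg.startswith("[") and arg.endswith("]"):
        body = arg[1:-1]
        if body.lower().startswith("ipv6:"):
            body = body[5:]
        try:
            return "literal", ipaddress.ip_address(body)
        except ValueError:
            return "invalid", arg
    # Host names compare case-insensitively; drop a trailing root dot.
    return "name", arg.rstrip(".").lower()

def classify_helo(helo_arg, client_ip):
    """Return a verdict string for one SMTP session; never decides the action."""
    ip = ipaddress.ip_address(client_ip)
    from_local_net = any(ip in net for net in LOCAL_NETS)
    kind, value = parse_helo(helo_arg)
    if kind == "invalid":
        return "malformed-literal"
    if kind == "literal":
        return "ok" if value == ip else "literal-mismatch"
    if value in LOCAL_NAMES and not from_local_net:
        # Covers both a forged HELO and the misconfigured client from the
        # numbered list above; this check alone cannot tell them apart.
        return "local-name-from-unknown-ip"
    return "ok"

def flagged(sessions):
    """Return (client_ip, helo, verdict) for every session that is not 'ok'."""
    results = [(ip, helo, classify_helo(helo, ip)) for ip, helo in sessions]
    return [r for r in results if r[2] != "ok"]

# Constructed sample sessions: (connecting IP, HELO argument).
SAMPLE_SESSIONS = [
    ("192.0.2.10", "mail.example.org"),       # our own relay
    ("203.0.113.7", "mail.example.org"),      # our name, outside address
    ("198.51.100.23", "MAIL.EXAMPLE.ORG."),   # DHCP client sending the smarthost name
    ("198.51.100.23", "[198.51.100.23]"),     # correct address literal
    ("198.51.100.23", "client.example.net"),  # unrelated name
]

if __name__ == "__main__":
    for row in flagged(SAMPLE_SESSIONS):
        print(row)
```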