[Top] [All Lists]

Re: SMTP Transferred-By-Reference

2007-11-15 10:53:55
On Tue, 13 Nov 2007 18:32:49 PST, Douglas Otis said:

Message content offers little assurance of its origination.  Where to  
reach for the message is more significant.  The TBR extension offers  
both an assured last hop IP address and a domain of origination.   
Often the origination of content is more important than the results  
of a scanning process.  Receivers would be foolish to trust the  
results of content scanning alone.

OK. Let me get this straight.  We get an inbound connection from a possibly
dodgy source address, like a probably compromised cablemodem box, and we
then take the address *they provide us* and use that as some sort of

What's wrong with this picture? (Hint - what are the chances that a hypothetical
connection from said abused cablemodem, if it uses TBR, will point at either
the *same* address, or yet another abused cablemodem?  Consider the use of
fast-flux DNS changers when you ponder this - there's no reason why you won't
find that *won't* point at a cablemodem.)

Attachment: pgpd9l0CvBT8y.pgp
Description: PGP signature