spf-discuss
[Top] [All Lists]

RE: Re: "extreme SPF" scenario for ISPs: AOL

2004-02-03 17:41:21
[Meng Weng Wong]
Isn't that incredible?

Still, SPF would work in that situation.  If nobody vouches for the
dialup IP address, we're golden.

Incredible it is.  I suppose anyone can forge an IP address through software
by using a raw socket, but I'm surprised that their network border routers
would let such a packet out.  I guess I'm naive as to how insecure many
networks are.

This is a terrific argument for SPF.  You can forge the originating IP,
forge the envelope sender, proxy the transaction through a compromised host,
but about the only thing that would pass SPF would be a message with the
return path forged to the compromised host.  The compromised host would be
promptly reported to their ISP for spamming and they could be cut off until
they secured their system.  If the ISP implemented rate-limiting (dream on),
relatively little damage would be done before the problem was discovered.

If you really wanted to send a lot of spam out in an SPF-aware world, you'd
have to hack into a mail server with a static IP and a lot of bandwidth.
They'd be picked up by the DNSBL's and that would limit your sending window
to a fairly short time, hence the need for mucho bandwidth.  This raises the
ante, as you now need a pretty big host, i.e. large corporate or government
facility, and you are much more likely to get caught.  Spamming may no
longer be an enforceable crime, but hacking into a corporate network still
is plus you're likely to get sued.  Doesn't sound like there'd be a lot of
takers for that one.  I like this a lot.

--
Seth Goodman

off-list replies to sethg [at] GoodmanAssociates [dot] com

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡