spf-discuss

Re: Re: "extreme SPF" scenario for ISPs: AOL

2004-02-03 19:25:56
In <MHEGIFHMACFNNIMMBACACEFGHGAA(_dot_)nobody(_at_)spamcop(_dot_)net> "Seth Goodman" <nobody(_at_)spamcop(_dot_)net> writes:

[Meng Weng Wong]
Isn't that incredible?

Yep.  It has been going on for quite a while too...  I was kind of
under the impression that the widespread blocking of port 25 *inbound*
was why spammers started to use email worms to create open proxies so
that they can do port 25 outbound.


The only info that these slow-speed back-channels need to be able to
relay to the spammer is the initial IP sequence numbers.  After that,
the spammer can spew the entire SMTP session in a few, large packets
and the acks that the other MTA sends can be dropped for all the spammer
cares.

Since the receiving MTA has no idea that the packets aren't really
coming from the AOL dialup IP address, no complaints can reach the
spammer's ISP.



Still, SPF would work in that situation.  If nobody vouches for the
dialup IP address, we're golden.

Incredible it is.  I suppose anyone can forge an IP address through software
by using a raw socket, but I'm surprised that their network border routers
would let such a packet out.  I guess I'm naive as to how insecure many
networks are.

Sadly, most ISPs don't block forged IP addresses, which makes DDoS
attacks a real pain to take care of.  Granted, the larger the network,
the harder it is to tell which direction is "upstream".  With all the
peering arrangements, once a packet reaches an ISP's core network, you
have no idea if a packet has a forged IP address or if it is just a
packet that you are supposed to route for someone else.



-wayne

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
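
The SPF point made in the message above, as an added example that is not part of the original post or of any SPF implementation: the receiving MTA checks the connecting IP address against the record published by the sender's domain, so a dialup address nobody lists gets "fail" even when the packets were forged. The records and addresses are constructed (documentation ranges), and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Qualifier prefix -> SPF result ("+" is the default when none is given).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record: str, client_ip: str) -> str:
    """Evaluate client_ip against an SPF record, left to right.

    Handles only ip4, ip6 and all; mechanisms that need DNS lookups
    (a, mx, include, ...) raise ValueError in this sketch.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record: the domain makes no statement
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # matches every address
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue  # no match: try the next mechanism
        raise ValueError(f"mechanism not handled in this sketch: {term}")
    return "neutral"  # nothing matched and the record has no "all" term

# Constructed sample data (assumptions, not taken from the thread).
DOMAIN_RECORD = "v=spf1 ip4:192.0.2.0/28 -all"  # domain's outbound MTAs only
OUTBOUND_MTA = "192.0.2.5"      # a listed mail server
DIALUP_IP = "198.51.100.77"     # dialup pool address that nobody vouches for

if __name__ == "__main__":
    for label, addr in (("outbound MTA", OUTBOUND_MTA), ("dialup", DIALUP_IP)):
        print(f"{label:12} {addr:15} -> {check_spf(DOMAIN_RECORD, addr)}")
```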