spf-discuss

RE: Status of Email Authentication

2005-03-01 08:14:46
Nico Kadel-Garcia wrote:
Julian Mehnle wrote:
Dave Crocker wrote:
 Every incoming email has an IP address that cannot be forged {1}

Actually, IP Address spoofing is already a problem.  Spammers are
stealing portions of IP Address space.

Please tell me, how would you go about "stealing" the IP address
195.30.85.225, for example?

There are several methods. Many involve manipulating routing tables on
intermediate connections, so that the traffic goes to a fake such
address or is even duplicated to that fake destination so that the
traffic can be analyzed and parsed for passwords. (I know at least one
company in Boston that sells a snooping device that will easily
disassemble and record in separate streams all the traffic of a fully
loaded 100 MHz Ethernet connection.)

Since most routers have no more security than most FTP accounts, using
default passwords, having little shell scripts or configuration tools
lying around with the passwords in plain text, and having admins log in
remotely over unsecured networks to fix problems and sending passwords
in the clear because they use telnet and few routers support SSH, this
isn't actually that hard.

Well, those methods could very likely be employed to circumvent
content-bound sender authentication schemes such as DomainKeys, too,
couldn't they?  So I think these are general security issues mostly, not
SPF-specific ones.