
Re: Forged sender test



On Sat, Jan 11, 2003 at 03:45:16PM -0500, Vince Puzzella wrote:
> I see your point and agree totally.  But a forged sender test option
> is required by my spec.  I didn't come up with it and I don't have
> the patience, time, and energy to convince the powers that be
> otherwise :).  I was just wondering if I was missing something
> and it was possible without any source code changes.
> 
> Thanks anyway.

  Nothing is worse than semi-clueful specs-writers..

  There are lots of large ISPs which have e.g. their web-mail systems
  running so that outgoing email comes out from different addresses
  than where the ingoing email goes.  I picked at random one email:

Received: from smtp018.mail.yahoo.com ([216.136.174.115]:32265 "HELO
        smtp018.mail.yahoo.com") by vger.kernel.org with SMTP

  Look for  "dig mx yahoo.com"  and observe what addresses appear
  for the MX target addresses.  None match the one shown above.

  Same story with hotmail.com.


  Another situation is users with  .forward,   which resends
  incoming email to another address without altering origination
  address.


  ZMailer does verify that MAIL FROM address (domain) is routable.
  I have observed some systems to back-probe outgoing MAIL FROMs
  with:
       EHLO something..
       MAIL FROM:<>
       RCPT TO:<outgoing@source.address>

  When I raised attention of people who had begun to do that, I raised
  it because they didn't do any sort of caching of the results, and
  a high-volume list server got 300+ backtests for each target domain
  with subscribers...

  The idea itself might make some sense, but of course it falls on its
  face when backup MX server says "yeah, I will relay to that domain",
  and possibly even the primary is "fine, I handle that domain", like
  what default ZMailer smtpservers are doing.


  When it comes to spam-blocking, material scanning, and analysis
  with Bayesian statistics filtering might be most worthwhile.

-- 
/Matti Aarnio	<mea@nic.funet.fi>
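
The result caching that the message above says the back-probing sites lacked, together with a check for the accept-everything server case it describes, as an added example that is not part of the original message or of ZMailer. `CalloutCache`, the `probe` callable and the two stand-in servers are hypothetical names, and probing a random local part first is an assumption about how a receiver might notice a relay-all answer.

```python
import secrets
import time

class CalloutCache:
    """Cache back-probe (MAIL FROM:<> / RCPT TO:<sender>) verdicts per address and domain."""
    def __init__(self, probe, ttl=3600.0, clock=time.monotonic):
        self.probe = probe            # assumption: callable(address) -> SMTP reply code to RCPT TO
        self.ttl, self.clock = ttl, clock
        self.by_address = {}          # "local@domain" -> (verdict, expires_at)
        self.accept_all = {}          # domain -> (bool, expires_at)
        self.probes_sent = 0

    def _fresh(self, table, key):
        hit = table.get(key)
        return hit[0] if hit and hit[1] > self.clock() else None

    def _rcpt(self, address):
        self.probes_sent += 1
        return self.probe(address)

    def verify(self, sender):
        local, _, domain = sender.rpartition("@")
        domain = domain.lower()       # domains are case-insensitive, local parts are not
        key = f"{local}@{domain}"
        expires = self.clock() + self.ttl
        catch_all = self._fresh(self.accept_all, domain)
        if catch_all is None:
            # A server that accepts a random local part says nothing about real ones.
            code = self._rcpt(f"callout-{secrets.token_hex(8)}@{domain}")
            if 400 <= code < 500:
                return "tempfail"     # transient failures are not cached
            catch_all = 200 <= code < 300
            self.accept_all[domain] = (catch_all, expires)
        if catch_all:
            return "inconclusive"
        verdict = self._fresh(self.by_address, key)
        if verdict is None:
            code = self._rcpt(key)
            if 400 <= code < 500:
                return "tempfail"
            verdict = "accept" if 200 <= code < 300 else "reject"
            self.by_address[key] = (verdict, expires)
        return verdict

# Constructed stand-ins for the probed server (no network is used):
def strict_server(address):           # knows one mailbox, rejects everything else
    return 250 if address == "list-owner@lists.example" else 550
def relay_all_server(address):        # backup-MX style: "yeah, I will relay to that domain"
    return 250
```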