[Gllug] Spammers

Richard Jones rich at annexia.org
Wed Sep 24 18:06:57 UTC 2003


On Wed, Sep 24, 2003 at 01:09:20PM +0100, Jason Clifford wrote:
> On Wed, 24 Sep 2003, Richard Jones wrote:
> 
> > When an SMTP server receives a mail from a sender purporting to be
> > somebody @annexia.org, it obviously knows the IP address of the
> > machine which is connecting to it. What it does is to look up the RMX
> > record(s) for annexia.org and check that this IP address is one of
> > the IP addresses listed in an RMX record.
> 
> It won't work - SMTP is a store and forward mechanism and many domains
> forward email through other servers on an ad hoc basis - note I am not
> including spammers using open relays in this.
>
> Many ukpost and ukfsn users have accounts specifically for this purpose.

Well, I understand of course that SMTP is theoretically a store and
forward delivery mechanism. I seem to remember however that the
original paper argues that in practice SMTP does not happen this way
(and this is also my experience - mail goes from ISP to ISP directly).

> > RMX records just guarantee the sender domain is a real domain, nothing
> > else. That would have prevented the spammer in this case (see head of
> > thread) from forging my email address in their spams.
> 
> No it wouldn't - the forgery is in the body of the message not in the SMTP 
> headers.

See also my correction below.

It does ensure that someone can't fake the envelope address. Of course
they can still fake the From: header, but faking that doesn't cause me
to get hundreds of "user unknown" bounces, and trained spam
investigators are more interested in the envelope From and the
Received: headers than the From: header.

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - all your business data are belong to you.
NET::FTPSERVER is a full-featured, secure, configurable, database-backed
FTP server written in Perl: http://www.annexia.org/freeware/netftpserver/

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
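
The envelope check debated in this thread, as an added example that is not part of the original message or of the RMX proposal itself. It covers the direct, forged-envelope, forwarded and forged-header cases the two posters raise. `RMX_TABLE`, `rmx_lookup` and all addresses are constructed stand-ins (documentation IP ranges, no real DNS), and the records are modelled simply as lists of permitted networks.

```python
import ipaddress
from email import message_from_string

# Constructed stand-in for DNS: domain -> networks its RMX records would list.
# Documentation address ranges only; not real data for any domain.
RMX_TABLE = {
    "annexia.org": ["192.0.2.0/28"],
    "example.net": ["198.51.100.25/32"],
}

def rmx_lookup(domain):
    """Hypothetical resolver: networks authorised to send mail for `domain`."""
    return [ipaddress.ip_network(n) for n in RMX_TABLE.get(domain.lower(), [])]

def check_envelope(client_ip, mail_from):
    """Return 'pass', 'fail' or 'none' for the SMTP envelope sender (MAIL FROM)."""
    domain = mail_from.rpartition("@")[2]
    networks = rmx_lookup(domain)
    if not networks:
        return "none"  # the domain publishes nothing, so no decision is possible
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in net for net in networks) else "fail"

def evaluate(client_ip, mail_from, raw_message):
    """Check the envelope only; the From: header is reported but never verified."""
    header_from = message_from_string(raw_message)["From"]
    return {"envelope": check_envelope(client_ip, mail_from),
            "header_from": header_from}

# Constructed message: every case below carries the same From: header.
SAMPLE = "From: rich@annexia.org\nSubject: constructed sample\n\nbody\n"

CASES = {
    # name: (connecting IP, envelope sender)
    "direct":             ("192.0.2.5",     "rich@annexia.org"),
    "forged_envelope":    ("203.0.113.77",  "rich@annexia.org"),
    # A relay at example.net passing the mail on with the envelope unchanged.
    "forwarded":          ("198.51.100.25", "rich@annexia.org"),
    # Sender uses its own domain in the envelope and forges only the header.
    "forged_header_only": ("198.51.100.25", "bulk@example.net"),
}

def run_cases():
    return {name: evaluate(ip, sender, SAMPLE)
            for name, (ip, sender) in CASES.items()}

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name:20} {result}")
```

The `forwarded` case fails even though the mail is legitimate, which is the store-and-forward objection; `forged_header_only` passes with a forged From: header, which is the limit of an envelope-only check.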



