
[Asrg] Re: How would SPF or Sender ID stopped this attack



Bill McInnis wrote:
Thanks for the reply.

If the IP Address is what is being checked, and I have my own email
server in China that I set up to be US Bank, I know it will not resolve
back to me of course, copy the appropriate IP out of the SPF or Sender
ID record in DNS and release my messages as US Bank, how can it pick
that up?  Won't it just ask DNS if the IP address 123.456.789.123 is the
address of the originating server?

Isn't this the exact scenario they are referring to in the Security
Considerations section?

This 'scenario' involves building a TCP session while using a forged IP address. I don't think anyone has ever claimed to be able to achieve this on the Internet, and it's only become harder in recent years. Even if it were feasible, fixing SMTP to make it impossible would be a minor protocol change.


Philip Miller
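
The check discussed in this exchange, as an added example that is not part of the original messages: a minimal SPF evaluator (only the `ip4`, `ip6` and `all` mechanisms) that takes the address the receiving server reads from its own TCP socket, so an authorized IP copied into sender-controlled text has no effect on the result. The record, the addresses (documentation ranges) and the `receive` helper are constructed for illustration.

```python
import ipaddress

# Constructed SPF record for a hypothetical domain (documentation address ranges).
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, peer_ip):
    """Evaluate ip4/ip6/all mechanisms against the TCP peer address.

    peer_ip is what the receiving server gets from its own socket
    (e.g. conn.getpeername()[0]), never a value taken from the message.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    client = ipaddress.ip_address(peer_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if client.version == network.version and client in network:
                return QUALIFIERS[qualifier]
        # Mechanisms that need DNS lookups (a, mx, include, ...) are skipped here.
    return "neutral"


def receive(peer_ip, helo_name, claimed_header_ip):
    """Hypothetical receiver hook: helo_name and claimed_header_ip are
    sender-controlled text and are deliberately not used for the decision."""
    return check_spf(SAMPLE_RECORD, peer_ip)
```

A server outside the listed ranges gets `fail` regardless of what it writes in HELO or headers; changing the outcome would require the TCP connection itself to arrive from a listed address, which is the forged-IP session the reply refers to.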

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg