
Re: [Asrg] Re: SPF abused by spammers



On September 15, 2004 at 00:20 hjp-asrg at hjp.at (Peter J. Holzer) wrote:
 > Why should they? No legitimate user would want to send mail as
 > johndoe at ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr, because he will
 > never be able to receive an answer (assuming that this is an address in a
 > dynamic address pool). The legitimate user will want to send mail
 > as johndoe at wanadoo.fr, or maybe johndoe at bordeaux.wanadoo.fr.

Well, of course that's sensible, but the point really is that there is
little difference between hijacking your PC and just breaking into
your house and sitting down at your PC, as far as detectability of
intent goes.

So, if the ISP allows your PC to do direct delivery and will ACK your
SPF (however one might say that) then a zombie program on that PC will
be ACKed also.

I see a lot of that johndoe at ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr
kind of addressing here but ok, so perhaps it becomes as you say,
johndoe at wanadoo.fr or johndoe at bordeaux.wanadoo.fr.

The point is, if wanadoo.fr's servers will ACK for that PC when the PC
tries to send from johndoe at wanadoo.fr then it'll ACK for a zombie
program running on that PC also.

AND, I contend, there'll be millions of such PCs (infected or not.)

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
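
An added illustration of the argument in this message (not part of the original post): a receiver-side SPF check limited to the ip4/ip6/all mechanisms, run against a constructed record for the hypothetical domain isp.example. The record, the IP addresses and the session labels are all constructed for the example.

```python
import ipaddress

# Constructed SPF record: a hypothetical ISP that authorizes its customer
# address pool to deliver mail directly under the ISP's domain.
SPF_RECORDS = {"isp.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 -all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate a subset of SPF: only the ip4, ip6 and all mechanisms."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"

# Constructed sessions. The inputs SPF sees are the connecting IP and the
# envelope sender; which program on the PC opened the connection is not one.
SESSIONS = [
    ("mail client on customer PC", "192.0.2.57", "johndoe@isp.example"),
    ("zombie program on the same PC", "192.0.2.57", "johndoe@isp.example"),
    ("unrelated host using the domain", "203.0.113.9", "johndoe@isp.example"),
]

def evaluate(sessions=SESSIONS):
    return [(label, check_host(ip, sender)) for label, ip, sender in sessions]

if __name__ == "__main__":
    for label, result in evaluate():
        print(f"{result:8} {label}")
```

The first two sessions present identical inputs to the check, so a receiver that wants to tell them apart has to rely on signals outside SPF.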