[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Asrg] Re: draft-duan-smtp-receiver-driven-00.txt

To: ietf-smtp at imc.org, asrg at ietf.org, lemonade at ietf.org
Subject: [Asrg] Re: draft-duan-smtp-receiver-driven-00.txt
From: David hagel <david.hagel at gmail.com>
Date: Wed, 11 May 2005 10:43:05 -0700
Cc:
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=bedW0PbS8OwQsIRAY5q2R/7del6HKDfLjiGbbXQMkfNG7UskLGEAcRjBPLCAuDOayboBKxS8/rulkMxv77ISohuC/znghW2J9fzTITuUq0G/RyibVNjUmdVlyBweEYYM319kRm6Al9ydfwSUrWQoAQSzO8/ZWqqQ3BGgKs99FO0=
In-reply-to: <2873121D8E5BCBD53ED16ED0@scan.jck.com>
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <bccdd85d050505155171e205a3@mail.gmail.com> <Pine.LNX.4.60.0505092147370.478@hermes-1.csi.cam.ac.uk> <bccdd85d05050921522fec6a3d@mail.gmail.com> <6730573FC732D83C70050BDB@scan.jck.com> <bccdd85d0505101235323849f7@mail.gmail.com> <2873121D8E5BCBD53ED16ED0@scan.jck.com>
Reply-to: David hagel <david.hagel at gmail.com>
Sender: asrg-bounces at ietf.org

On 5/10/05, John C Klensin <john+smtp at jck.com> wrote:
>
> Unless you abandon mail relaying, and perhaps even if you do,
> domain names and IP addresses are as easily spoofed as full
> email addresses.  The spammers figured both out many years ago.
>

you're mistaken. udp spoofing is easy BUT smtp uses tcp.
its almost impossible to spoof tcp sessions now.
spoofer needs to correctly guess the randomly generated sequence/ack
numbers. even if you magically do this, you gotta control ALL
intermediate routers or else smtp server's responses will be misdirected.
meaning you cannot create a normal tcp session.
it's a common misconception that "ip spoofing"
can be used to hide your ip address while surfing the net,
chatting on-line, sending e-mail, and so forth.
this is not true unless you're on the same subnet as victim
where you can sniff their tcp seq. #'s.
if whay you say is true, all DNSBLs would stop working dude.

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- [Asrg] draft-duan-smtp-receiver-driven-00.txt
  - From: Kartik Gopalan
- [Asrg] Re: draft-duan-smtp-receiver-driven-00.txt
  - From: Tony Finch
- [Asrg] Re: draft-duan-smtp-receiver-driven-00.txt
  - From: Kartik Gopalan
- [Asrg] Re: draft-duan-smtp-receiver-driven-00.txt
  - From: Kartik Gopalan

Prev by Date: [Asrg] Re: draft-duan-smtp-receiver-driven-00.txt
Next by Date: [Asrg] Re: draft-duan-smtp-receiver-driven-00.txt
Previous by thread: [Asrg] Re: draft-duan-smtp-receiver-driven-00.txt
Next by thread: [Asrg] Re: draft-duan-smtp-receiver-driven-00.txt
Index(es):
- Date
- Thread