Forums » Authenticate Us From Evil » Why no revision to SMTP to include authentication?
fantomposter
Phantom Poster
Premium
join:2002-09-21
Independence, OH


1 edit

Re: Why no revision to SMTP to include authenticat


Spammer sets up his throw away domain. Puts up DNS for it at a place where it can be changed easily and quickly.

He finds a trojaned Comcast machine to use. He changes his DNS file to show the proper SPF record for that Comcast machine's IP addy.

Then he fires his spam off from that machine and SPF stops nothing because he controls the domain and the SPF records.

Rinse-Lather-Repeat. SPF only stops someone from using my or your address as a forged from, and it stops the viruses that use forged froms.

It will not stop spam nor will it slow it down much.

TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL

Re: Why no revision to SMTP to include authenticat

said by fantomposter:

Spammer sets up his throw away domain. Puts up DNS for it at a place where it can be changed easily and quickly.

He finds a trojaned Comcast machine to use. He changes his DNS file to show the proper SPF record for that Comcast machine's IP addy.

No-Good! The SPF must reside on his domain, and point to a mail server on his domain... No receiving SPF/SMTP server will ever query his spf record for mail originating from a comcast addy, it will query comcast's spf records, and reject the mail. Spammer Fails!

said by fantomposter:

Then he fires his spam off from that machine and SPF stops nothing because he controls the domain and the SPF records.

Spammer can't control comcast's SPF records, in the same way he can't control their PTR records! Spammer FAILS!

said by fantomposter:

Rinse-Lather-Repeat. SPF only stops someone from using my or your address as a forged from, and it stops the viruses that use forged froms.

Nope! SPF forces all mail from a domain to come ONLY from the allowed (SPF'd) domain's mail servers, which are advertised only by that domain's listed DNS servers. Spammer Fails!

said by fantomposter:

It will not stop spam nor will it slow it down much.

If implemented net-wide it will kill almost ALL spam. That which is left, will only come from spammer-owned/SPF'd domains. These domains will be easy to identify and block on site; black-lists will only have to deal with direct spammer domains. Spammer is toast!

Bob
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler, Cape Elizabeth ME. »www.tamara-b.org
fantomposter
Phantom Poster
Premium
join:2002-09-21
Independence, OH

Re: Why no revision to SMTP to include authenticat

said by TamaraB:

Nope! SPF forces all mail from a domain to come ONLY from the allowed (SPF'd) domain's mail servers, which are advertised only by that domain's listed DNS servers. Spammer Fails!

Hopefully you are still here, I did not check this thread recently. Been a busy weekend.

Spammer controls his domain. He can set up DNS and SPF any way he wants to point to any machine he wants.

So he lists the comcast trojaned machine as his domain's mail server. And SPF fails.

TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL

Re: Why no revision to SMTP to include authenticat

said by fantomposter:

Spammer controls his domain. He can set up DNS and SPF any way he wants to point to any machine he wants.

Any machine with an A record within his domain.

said by fantomposter:

So he lists the comcast trojaned machine as his domain's mail server. And SPF fails.

He can't! He is not listed as authoritative for comcast IPs, he can use a redirect mechanism, but that does the opposite of what he wants.

My smtp server gets a connect from that trojaned comcast machine, my server checks with COMCAST DNS for spf, not his DNS...

Think of SPF as an extension of MX. Only a list of a domain's allowed "sending" servers instead of receiving servers (MX).

Spammer is toast!
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler, Cape Elizabeth ME. »www.tamara-b.org
fantomposter
Phantom Poster
Premium
join:2002-09-21
Independence, OH

Re: Why no revision to SMTP to include authenticat

said by TamaraB:

He can't! He is not listed as authoritative for comcast IPs, he can use a redirect mechanism, but that does the opposite of what he wants.

I have not seen a spec on SPF that says you check IP addresses. It only checks the SPF records for the domain name in the from field.

quote:

My smtp server gets a connect from that trojaned comcast machine, my server checks with COMCAST DNS for spf, not his DNS...

You got that backwards. That is not what SPF does. If I have that wrong, point me to a website that explains it is otherwise.

All SPF does is check the authoritative DNS for the DOMAIN name in the from field. It checks the DNS records for that domain name and makes sure there is an SPF record that shows the sending computer's IP address. If spammer controls his own domain name then he can put any IP address he wants in the SPF record.

Check here: »spf.pobox.com/faq.html

And scroll down to the part where the headline is:

"It doesn't really prevent spam. Spammers can always get throwaway domains, etc."

Don't get me wrong, SPF is needed, to fix the virus bounces and the forged from addresses in spam, it does a great job of that, but not much more.
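
The check the posts above disagree about, as an added example that is not part of the thread: under the SPF specification (RFC 7208) the receiver looks up the record of the domain in the envelope sender and tests the connecting IP against it. The domains, addresses and the `spf_check` helper are constructed for illustration, and only the `ip4` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed TXT records standing in for DNS (documentation-range addresses).
TXT = {
    "isp.example": "v=spf1 ip4:192.0.2.0/28 -all",        # the ISP's outbound relays
    "throwaway.example": "v=spf1 ip4:203.0.113.77 -all",  # owner may list any IP
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip, mail_from):
    """Evaluate the ip4/all mechanisms of the MAIL FROM domain's SPF record."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    # The lookup is keyed by the sender's domain, never by who owns client_ip.
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


def thread_scenarios():
    # Constructed: a compromised customer machine, not one of the ISP's relays.
    bot = "203.0.113.77"
    return {
        "forged ISP sender from bot": spf_check(bot, "user@isp.example"),
        "throwaway sender from bot": spf_check(bot, "promo@throwaway.example"),
        "ISP sender from ISP relay": spf_check("192.0.2.5", "user@isp.example"),
        "domain without SPF": spf_check(bot, "x@nospf.example"),
    }


if __name__ == "__main__":
    for case, result in thread_scenarios().items():
        print(f"{case}: {result}")
```

A `pass` only says the domain's owner listed that IP; whether the domain itself deserves trust is a separate reputation decision for the receiver.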