republican-creole
Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » E-mail Tax » how will this be done?
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
"advocating" »
« What about the nasty virus  
sdd75

join:2001-10-14
Maryville, TN

Re: how will this be done?

Email accounts aren't really 'zombied' or 'hijack' per say, but are more accurately 'spoofed'. The problem with SMTP is it is a Simple Mail Transport Protocol. All it does is relay. Initially SMTP has no security built in to it. In a sense I guess the protocol still doesn't. Some servers can be configured to mimic security. They can be set to only relay if either the source or the destination is within a certain ip address range. (That's why some ISP's require you to use an alternate SMTP server if you connect off their network.) Other tricks include requiring users on the local network to authenticate or use encryption,(ESMTP) but allow incoming to relay to the pop server without such security. This lack of security is compounded by the fact that SMTP is just as much a client as a server in the traditional client-server relationship. The way it works is the client sends a message to an SMTP server (presumably source ISP), which in turn sends the message along to another SMTP server (presumably destination ISP), then to a MTA (typically a POP or IMAP server) which stores the message for later retrieval. (notice SMTP did not store the message. That's how simple it is.) This simplicity is why a virus can send email without your account's user name and password. The code is compact, and authentication isn't implemented. The SMTP server doesn't distinguish one client from another. In fact, the only way it can tell it's a client versus another SMTP server is if the source is from the local network or not. Beyond that, SMTP simply trusts the information is accurate. That said, what's to stop someone else from sending an email via SMTP and simply lying about the source email address? The answer is nothing. Consider this simple test of an SMTP server:

telnet smtp.yourisp.net 25
helo yourisp.net
mail from: myname@yourisp.net
rcpt to: someoneelse@anotherisp.com
data

This is just a test.
.
quit

Why would someone lie, and put your email address there? Simply put, they are trying to bypass another security feature implemented by isp's. Some isp's are performing a reverse-dns to query if the source domain actually exists before relaying. If a spammer uses an account from that domain, then it exists. Then all of the messages sent to an invalid account are returned by the local ISP to the address spoofed. Now your inbox is 'spammed' with undeliverable messages you didn't send. (email viruses will also cause this.)
permalink · 2003-11-19 18:35:44 · Print · Reply to this
Forums » E-mail Tax"advocating" »
« What about the nasty virus  

Saturday, 28-Nov 13:11:37 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [122] Time Warner Cable Fires Broadside At Broadcasters
· [112] New AT&T Ad Campaign Hits Back At Verizon
· [96] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [75] TiVo Sees Record Customer Losses
· [70] Verizon CEO: Hulu Will Be Dead Soon
· [69] In-Flight Internet Headed For Bumpy Landing?
· [62] Thanksgiving Open Thread
· [60] Weekend Open Thread
· [40] EFF Wages War On Fine Print
Most people now reading
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Using AirMax to provide triple play services? [Wireless Service Providers]
· Windows 7 boot manager editing questions [Microsoft Help]
· Why would I want an e reader? [General Questions]
· [Newsgroups] Newzleech down? [Filesharing Software]
· DIR-655 New Beta 1.32b09 [D-Link]
· So we need a legitimate reason to use a lot of bandwidth? [TekSavvy]
· Why does it take so long? Mail question [General Questions]
· Not strictly "Home" related - but WOW anyways... [Home Repair & Improvement]
· Hosts file attributes set to system and hidden [Security]