Re: Is it just me that is being picked on?

From: Alan Connor (alanconnor_at_earthlink.net)
Date: 09/20/03


Date: Sat, 20 Sep 2003 19:25:19 GMT

On Sat, 20 Sep 2003 19:52:54 +0100, Joe <joe@jretrading.com> wrote:
>
>
> In message <IUUab.14$gR1.5@newsread4.news.pas.earthlink.net>, Alan
> Connor <alanconnor@earthlink.net> writes
>>On Fri, 19 Sep 2003 22:05:13 -0400, Jean-David Beyer
>><jdbeyer@exit109.com> wrote:
>>>
>>>
>>>
>>> But they must do that already. You need a contract with an ISP, so they
>>> know who you are. To connect to the Internet through the ISP, you must
>>> dial them up (or connect through cable, ISDN, DSL, etc.), provide a
>>> login and password so they already know who you are.
>>>
>>
>>Not enough.
>>
>>
>>Someone would send mail from a computer or network to the first
>>ISP. If the originating address was passlisted, AND the From headers matched
>>the From: addresses, registered with them, it would be passed on with those
>>added to the mail by the ISP in a separate header that included the ISP's IP
>>number (of the specific computer). All these on their own lines, with dates.
>>
>>If the from address didn't match the one registered for that IP, then
>>it would be dumped and not passed on.
>>
>>The next ISP would look for that header and match it with the ISP they
>>received it from. If there was no match, it would be dumped. If the
>>header was missing (at least one) or the From headers and the information in
>>the header added by the preceding ISP didn't tally (they should all have
>>the same address (originating) and different times), or there were different
>>addresses in these added headers, the mail would be dumped.
>>
>>If the dates didn't make sense (were not sequential and reasonably spaced),
>>the mail would be dumped.
>>
>>I guess they'd look something like this:
>>
>>X-PATH:john@smith.net:63.177.195.32:Sat Sep 20 01:55:04 PDT 2003
>>...
>>...
>>...
>>
>>The originating ISP would have a record of what IP was assigned that email
>>address at that time that would be accessible via the DNS network.
>>
>>Any mail that anyone got would have the actual address from the originating
>>computer on the From: line/From line.
>>
>>I hope that's clear enough. It's just a slight variation on what is already
>>done at present.
>>
>>
> Am I missing something here? Is this not more-or-less reverse DNS
> checking? Exim will do that if you tell it to, and won't accept SMTP
> from someone whose name and IP don't match.

No. It's me that's missing something. I didn't know that. But then I don't
use an MTA.

Not sure what you describe above would fit the whole bill, but it sure is
close.

If it does, then I assume the MTA could also be configured to refuse to
forward such mails.

> Most of the big boys clearly
> do not do this, because I often get bursts of 'bounced' spams that
> didn't come from me. The sending IP is normally on a different continent
> to mine.
>

The problem sure seems to be political rather than technological.

> I once had cause to send mail from a SMTP server with a helo that didn't
> match the reverse DNS: the receiving Exim accepted it grudgingly, having
> first replied 'you are bluffing' in the SMTP handshake.
>
> It's a problem for dynamic IPs, but then a lot of servers which use
> blacklists won't accept mail from dynamic IPs anyway. If ISPs using
> dynamic IPs don't offer an authenticated SMTP relaying service, their
> users have the choice of paying someone else for such a service or
> voting with their feet (is there a cyberspace equivalent of that
> expression?).
>
> Since SMTP is a handshaking protocol, it would seem difficult to forge
> the sending IP address, at least without some serious DNS mayhem.
> --
> Joe

Is not POP the same way? A hand-shaking protocol? The same functionality
you describe above needs to be in sending/forwarding and receiving protocols
to do this right.

-- 
Later, Alan C
   take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a
           spammers hate this program because they can't beat it
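
Added example, not part of the original posts: a sketch of the receiving-side checks the quoted X-PATH proposal describes (header present, one originating address throughout, last hop equal to the sending peer, dates sequential and reasonably spaced). The function names, the oldest-first header order, the one-hour spacing limit, the single shared time zone and the second hop's IP are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

MAX_HOP_GAP = timedelta(hours=1)  # assumption: the post does not define "reasonably spaced"

def parse_xpath(line):
    """Split 'X-PATH:addr:ip:date' into (addr, ip, datetime); ValueError if malformed."""
    name, addr, ip, stamp = line.strip().split(":", 3)
    if name.upper() != "X-PATH":
        raise ValueError("not an X-PATH header")
    parts = stamp.split()
    if len(parts) != 6:
        raise ValueError("unexpected date layout")
    # Drop the zone token (e.g. PDT); assumption: every hop stamps in the same zone.
    when = datetime.strptime(" ".join(parts[:4] + parts[5:]), "%a %b %d %H:%M:%S %Y")
    return addr.lower(), str(ip_address(ip)), when

def check_chain(from_addr, headers, peer_ip):
    """Return (accept, reason). headers are X-PATH lines, oldest hop first (assumed)."""
    if not headers:
        return False, "no X-PATH header"
    try:
        hops = [parse_xpath(h) for h in headers]
    except ValueError:
        return False, "malformed X-PATH header"
    # Every hop must name the same originating address as the From: line.
    if any(addr != from_addr.lower() for addr, _, _ in hops):
        return False, "address mismatch"
    # The newest header must have been added by the host we received the mail from.
    if hops[-1][1] != peer_ip:
        return False, "last hop is not the sending peer"
    # Timestamps must strictly increase and stay within the spacing limit.
    for (_, _, earlier), (_, _, later) in zip(hops, hops[1:]):
        gap = later - earlier
        if gap <= timedelta(0) or gap > MAX_HOP_GAP:
            return False, "dates not sequential or badly spaced"
    return True, "ok"

# Constructed sample chain: first line is the one from the post, second hop is made up.
GOOD = [
    "X-PATH:john@smith.net:63.177.195.32:Sat Sep 20 01:55:04 PDT 2003",
    "X-PATH:john@smith.net:192.0.2.10:Sat Sep 20 01:55:09 PDT 2003",
]

if __name__ == "__main__":
    print(check_chain("john@smith.net", GOOD, "192.0.2.10"))
    print(check_chain("someone@else.example", GOOD, "192.0.2.10"))
```
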

