Re: spoofing email addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>Received: from mail.optistreams.net (206-169-2-196.gen.twtelecom.net [206.169.2.196])
>        by calcite.rhyolite.com (8.12.11/8.12.11) with ESMTP id i4UG8bio077225
>        for <vjs@xxxxxxxxxxxxxxxxxxxx> env-from <nsb@xxxxxxxxxxxxx>;
>        Sun, 30 May 2004 10:08:38 -0600 (MDT)

> From: Nathaniel Borenstein <nsb@xxxxxxxxxxxxx>

> > Mr. Borenstein and others like him expect the rest of us to subsidize
> > their $30/month connectivity by dealing with the network abuse of his
> > fellow customers, because they find $30/month comfortable.
>
> Just for the record, I spend plenty more than $30 per month on Internet 
> connectivity, as does my employer.  My views on this have nothing to do 
> with the cost of my Internet service, which is why I said nothing about 
> such costs. Since your message seems to be based entirely on a 
> misguided assessment of my motives, there's not much else in it that 
> needs to be answered.  (We could argue forever about what constitutes a 
> monopoly, but I doubt any minds would be changed.)
>
> Port 25 blocking may be sometimes necessary simply to preserve the 
> integrity of a network under heavy spam attack. 

Perhaps I am mistaken, but I believe that Mr. Borenstein has mentioned
his costs in the past.  His recent talk about the supposed "near
monopolies" of "cable providers" makes absolutely no sense except
in the context of $30/month services.

The copy of his message appears to have been sent to my SMTP server
from one of those $30/month accounts.  Mr. Borenstein certainly has
complained about some sort of blocking of his mail.  I think that
blocking involved a cable provider account.  However, if the blocking
that bothered him was not from his TimeWarner acocunt, then perhaps
this is relevant:

traceroute to guppylake.com (64.71.173.70), 64 hops max, 44 byte packets
11  ix-8-0.core1.SanJose.teleglobe.net (66.198.97.18)  59.309 ms
12  pos2-3.gsr12416.pao.he.net (66.220.13.42)  119.297 ms
13  pos2-0.gsr12012.fmt.he.net (64.62.249.121)  61.106 ms
14  64.71.173.70 (64.71.173.70)  62.479 ms

traceroute to thehideout.net (64.71.176.110), 64 hops max, 44 byte packets
13  pos2-0.gsr12012.fmt.he.net (64.62.249.121)  60.953 ms
14  64.71.176.110 (64.71.176.110)  61.028 ms


Hurricane Electric has earned a reputation as a provider that avoids
dealing with reports of spam sent by its customers except by
forwarding them reports to its customers.  See
http://groups.google.com/groups?scoring=d&q=+%22he.net%22+group%3A*email
http://groups.google.com/groups?scoring=d&as_epq=Hurricane%20Electric 
http://groups.google.com/groups?scoring=d&q=+%22he.net%22+group%3A*abuse*

Juging from http://spews.org/html/S2100.html 64.71.173.70 is currently
listed by SPEWS at level 2.  (I do not use or advocate SPEWS' list;
I'm pointing out SPEWS' data only to support my point about the supposed
unfairness of the blocking of Mr. Borenstein's mail.)

>                                                  But I believe that a 
> long-term solution is possible that will be both more effective and 
> less restrictive.  My own focus is on that long-term planning, and I 
> just can't see port 25 blocking as anything more than a rather 
> problematic stopgap measure in advance of a more spam-resistant 
> infrastructure for SMTP message submission.

People have been talking about such ideas since Cyberpromo's day.  The
closest thing that has ever been implemented and proven effective is
blocking port 25 SYNs from blocks of IP address that have a better
than 99.9% probability of sending only spam and worms, namely the IP
addresses of spammers and of "dynamic address."  In practice the latter
is synonmous with block port 25 for $30/month accounts.

Blocking port 25 from $30/month accounts does not affect SMTP-SUBMIT,
which is the IETF standardized "spam-resistant infrastructure for SMTP
message submission."   One must wonder how Mr.  Borenstein's mail could
be blocked by the sort of blocking he has repeatedly complained about
if he used SMTP-SUBMIT to reach reputable MTAs.

Note also the disconnect between the reverse-DNS of Mr. Borenstein's
SMTP client and his envelope Mail_From and header From: values,
and the lack of DNS RRs supporting any of the proposals for DNS-based
sender authentication.  According to the advocates of those mechanisms,
Mr. Borenstein's is "forging" his messages.


Vernon Schryver    vjs@xxxxxxxxxxxx

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]