TS Glassey wrote:
> Matthias
> Any DNS BL Listing process where those listings are based on complaints
> would create this. [spoofed IPs in DNSBLs]

Few DNSBL listing processes rely on "complaints" as you put it. Certainly, none of the popular ones use them extensively, and most refuse them. E.g.: the CBL explicitly refuses contributions of complaints.

Most DNSBL listing processes rely _only_ on the peer address of the connection (either direct, or by header insertion by their own trusted systems).

No one has yet come up with a spam-economy-practical mechanism for spoofing source IP in TCP/IP (SMTP) sessions. There has been much research on the topic, and it all seems to indicate that there isn't one. I'll refer you to papers by Steven Bellovin, Marcus Leech and others.

[UDP packet source IPs are trivially forgeable. But you can't send email by UDP packets. TCP/IP source IP is forgeable, but only at extremely high effort levels - few spammers would be satisfied with a throughput rate of a few spams per week (at most) per bot that works only against some destinations, when the return rate is measured in the single digits per million spams. If TCP/IP source spoofing were to become a spammer-practical method, the Internet has vastly bigger problems than flaky email.]

The two most effective DNSBLs of all (CBL & PBL, both part of Spamhaus Zen) don't look at headers at all. The former takes its IPs directly from the TCP/IP stack of the MTA receiving the email (e.g.: getpeername()), and the latter is a policy assertion, largely by the verified owner of the IP ranges in question. IP spoofing is effectively impossible in one, and irrelevant to the second.
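As an added illustration of the point made above about keying DNSBL lookups on the TCP peer address rather than on anything in the headers (this is example code written for this page, not code from the thread, from Spamhaus or from the CBL), the block below takes the client address from getpeername() on an accepted connection, builds the conventional reversed-octet DNSBL query name (the RFC 5782 convention), and compares the result with a lookup on an address the client merely claims in a header. The zone name "dnsbl.example", the stub resolver and the listed address 203.0.113.7 are constructed placeholders so the example runs offline; a real MTA would query a real zone through a real resolver.

```python
"""Peer-address DNSBL check: an added example, not code from the thread or from any DNSBL."""
import ipaddress
import socket
from typing import Callable, Optional

# Resolver signature we inject so the example runs without network access.
# A real resolver would do an A-record lookup and return the answer, or None on NXDOMAIN.
Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the usual DNSBL query name: IPv4 octets reversed, under the zone."""
    addr = ipaddress.IPv4Address(ip)  # rejects anything that is not a plain IPv4 literal
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def peer_ip(conn: socket.socket) -> str:
    """The address a listing is keyed on: what the TCP stack reports, not what the client says."""
    host, _port = conn.getpeername()[:2]
    return host


def is_listed(ip: str, zone: str, resolve: Resolver) -> bool:
    """True when the zone answers with an address in 127.0.0.0/8 (the conventional 'listed' signal)."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")


def decide(conn: socket.socket, claimed_ip: str, zone: str, resolve: Resolver) -> dict:
    """Contrast the socket-derived peer address with an IP the client claims in a header."""
    actual = peer_ip(conn)
    return {
        "peer_ip": actual,
        "claimed_ip": claimed_ip,
        "claim_matches_peer": actual == claimed_ip,
        "peer_listed": is_listed(actual, zone, resolve),
        "claimed_listed": is_listed(claimed_ip, zone, resolve),
    }


# --- constructed sample data so the example runs offline ---------------------------
CONSTRUCTED_ZONE = "dnsbl.example"      # placeholder zone, not a real DNSBL
CONSTRUCTED_LISTED = {"203.0.113.7"}     # documentation-range address we pretend is listed


def constructed_resolver(name: str) -> Optional[str]:
    """Stub resolver: answers 127.0.0.2 only for the constructed listing above."""
    for ip in CONSTRUCTED_LISTED:
        if name == dnsbl_query_name(ip, CONSTRUCTED_ZONE):
            return "127.0.0.2"
    return None


def demo() -> dict:
    """Open a loopback TCP connection so getpeername() has a real peer to report."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.connect(srv.getsockname())
    conn, _ = srv.accept()
    try:
        # The "client" claims a listed address in a header; the stack says 127.0.0.1.
        return decide(conn, claimed_ip="203.0.113.7", zone=CONSTRUCTED_ZONE,
                      resolve=constructed_resolver)
    finally:
        conn.close()
        cli.close()
        srv.close()


if __name__ == "__main__":
    print(demo())
```

The design point is that nothing the client writes into the SMTP session (Received headers, HELO names, claimed origins) reaches the lookup; only the address the kernel attached to the accepted connection does, which is why header spoofing cannot get a third party's address listed by such a DNSBL.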