View Single Post
Old 23 Feb 2007, 05:18 PM   #14
The "e" in e-mail
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,507
Originally posted by robmueller
With that definition, it doesn't really matter whether it's a specific email address or not for the hosts you "trust"
I understand that the definition ot "trusted" here is just "trusted to report the correct IP address in the 'Received' header".

But then if for instance I am a client of (which I would bet several FastMail users are. It's one of the biggest ISPs in Israel) then I might have then forward my email to FastMail. Then if I can tell FastMail "trust" when parsing "Received" headers then if I get spam sent from a broadband subscriber of sent directly to FastMail or to any forwarder I "trust" then I would also trust the "Received" line that the spammer put in if the spammer corectly uses the rdns of the IP address that sends the spam, and then the spammer can indicate a forged source in a forged header I "trust". For instance in the second example that I posted above, the one with bottom "Received" header saying:
Received: from SHIVUK-NET-5 ( [] ...
the spammer can identify as which would pass the "trust test" and then the spammer can forge another "Received" line that lets tell us that the email originated from somewhere else. This is a side effect of the fact that anything with suffix would be "trusted" if is trusted. I don't know if limiting "trust" per address set to receive forwarded mail can solve it, but it can limit this problem to spam sent within the forwarding ISP.

Last edited by hadaso : 4 Mar 2007 at 07:23 AM. Reason: typos, typos ...
hadaso is offline   Reply With Quote