Old 23 Feb 2007, 06:18 PM   #14
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,507
Quote:
Originally posted by robmueller
With that definition, it doesn't really matter whether it's a specific email address or not for the hosts you "trust"
I understand that the definition of "trusted" here is just "trusted to report the correct IP address in the 'Received' header".

But then if for instance I am a client of inter.net.il (which I would bet several FastMail users are. It's one of the biggest ISPs in Israel) then I might have them forward my email to FastMail. Then if I can tell FastMail "trust inter.net.il" when parsing "Received" headers then if I get spam sent from a broadband subscriber of inter.net.il sent directly to FastMail or to any forwarder I "trust" then I would also trust the "Received" line that the spammer put in if the spammer correctly uses the rdns of the IP address that sends the spam, and then the spammer can indicate a forged source in a forged header I "trust". For instance in the second example that I posted above, the one with bottom "Received" header saying:
Received: from SHIVUK-NET-5 (Hosting-IGLD-192-248.inter.net.il [213.8.192.248] ...
the spammer can identify as Hosting-IGLD-192-248.inter.net.il which would pass the "trust test" and then the spammer can forge another "Received" line that lets Hosting-IGLD-192-248.inter.net.il tell us that the email originated from somewhere else. This is a side effect of the fact that anything with suffix inter.net.il would be "trusted" if inter.net.il is trusted. I don't know if limiting "trust" per address set to receive forwarded mail can solve it, but it can limit this problem to spam sent within the forwarding ISP.

Last edited by hadaso : 4 Mar 2007 at 08:23 AM. Reason: typos, typos ...
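The parsing weakness described in the post above, as an added example that is not part of the original thread or FastMail's own code: a top-down walk of "Received" headers that compares domain-suffix trust with trust limited to known relay IPs. The header text after the bracketed IP, the relay address 198.51.100.25, the hostname relay.inter.net.il and all `.example` names are constructed for illustration.

```python
import re

# Matches "from HELO (RDNS [IP])", the shape of the header quoted in the post.
PEER = re.compile(r"from\s+\S+\s+\((\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def origin_ip(received, is_trusted):
    """Walk Received headers newest-first and return the IP of the first
    peer that is not a trusted relay. Anything below that header was
    supplied by an untrusted sender and is never read."""
    last_ip = None
    for header in received:
        m = PEER.search(header)
        if not m:
            break  # unparseable: fall back to the last peer already seen
        rdns, ip = m.group(1).lower(), m.group(2)
        last_ip = ip
        if not is_trusted(rdns, ip):
            return ip
    return last_ip  # every parsed hop was trusted: oldest recorded peer

def suffix_trust(suffix):
    # Policy discussed in the post: any host whose rDNS ends in the ISP domain.
    return lambda rdns, ip: rdns == suffix or rdns.endswith("." + suffix)

def relay_trust(relay_ips):
    # Narrower policy (assumption): only the forwarder's known relay IPs.
    return lambda rdns, ip: ip in relay_ips

# Constructed sample. Header 0 is written by the receiving server; host and IP
# are those quoted in the post. Header 1 is a forged line added by the sender.
DIRECT_SPAM = [
    "from SHIVUK-NET-5 (Hosting-IGLD-192-248.inter.net.il [213.8.192.248]) "
    "by mx.receiver.example",
    "from mail.forged.example (mail.forged.example [192.0.2.10]) "
    "by Hosting-IGLD-192-248.inter.net.il",
]
# Constructed sample: mail legitimately forwarded through a hypothetical ISP relay.
FORWARDED = [
    "from relay.inter.net.il (relay.inter.net.il [198.51.100.25]) "
    "by mx.receiver.example",
    "from sender.example (sender.example [203.0.113.7]) by relay.inter.net.il",
]

if __name__ == "__main__":
    for name, policy in [("suffix", suffix_trust("inter.net.il")),
                         ("relay IPs", relay_trust({"198.51.100.25"}))]:
        print(name, origin_ip(DIRECT_SPAM, policy), origin_ip(FORWARDED, policy))
```

With suffix trust the forged 192.0.2.10 is reported as the source of the direct spam; with the relay-IP list the real connecting address 213.8.192.248 is reported, while the forwarded message resolves to the same origin under both policies.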