Quote:
Originally posted by robmueller
With that definition, it doesn't really matter whether it's a specific email address or not for the hosts you "trust"
I understand that the definition of "trusted" here is just "trusted to report the correct IP address in the 'Received' header".
But then if for instance I am a client of inter.net.il (which I would bet several FastMail users are. It's one of the biggest ISPs in Israel) then I might have them forward my email to FastMail. Then if I can tell FastMail "trust inter.net.il" when parsing "Received" headers then if I get spam sent from a broadband subscriber of inter.net.il sent directly to FastMail or to any forwarder I "trust" then I would also trust the "Received" line that the spammer put in if the spammer correctly uses the rdns of the IP address that sends the spam, and then the spammer can indicate a forged source in a forged header I "trust". For instance in the second example that I posted above, the one with bottom "Received" header saying:
Received: from SHIVUK-NET-5 (Hosting-IGLD-192-248.inter.net.il [213.8.192.248] ...
the spammer can identify as
Hosting-IGLD-192-248.inter.net.il which would pass the "trust test" and then the spammer can forge another "Received" line that lets
Hosting-IGLD-192-248.inter.net.il tell us that the email originated from somewhere else. This is a side effect of the fact that anything with suffix inter.net.il would be "trusted" if inter.net.il is trusted. I don't know if limiting "trust" per address set to receive forwarded mail can solve it, but it can limit this problem to spam sent within the forwarding ISP.
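The suffix-trust problem described in the post above, worked through as an added example (not part of the original post and not FastMail's code): a Received-chain walker run once with trust keyed on an rDNS suffix and once with trust keyed on a specific forwarding relay's IP. The relay address 198.51.100.10, the `.example` hostnames and the forged second header are constructed for illustration; only the first header's host and IP come from the post.

```python
import re

# Matches the "from HELO (rdns [ip])" part of a Received header.
RECEIVED_RE = re.compile(r"from\s+\S+\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]")

# Constructed chain, newest first. Header 1 is written by our own MX, so its
# rDNS/IP pair is genuine. Header 2 is attacker-supplied: it claims the
# broadband host merely relayed the message from somewhere else.
CHAIN = [
    "from SHIVUK-NET-5 (Hosting-IGLD-192-248.inter.net.il [213.8.192.248]) by mx.receiver.example",
    "from mail.unrelated.example (mail.unrelated.example [192.0.2.55]) by Hosting-IGLD-192-248.inter.net.il",
]

def trust_by_suffix(suffixes):
    """Weak policy: any host whose rDNS falls under a trusted domain is trusted."""
    def check(rdns, ip):
        name = rdns.lower()
        return any(name == s or name.endswith("." + s) for s in suffixes)
    return check

def trust_by_relay_ip(relay_ips):
    """Tighter policy: only the forwarder's known relay addresses are trusted."""
    def check(rdns, ip):
        return ip in relay_ips
    return check

def origin_ip(chain, is_trusted):
    """Walk headers newest-first; stop at the first connecting host that is
    not trusted. Headers below that point were written by an untrusted party,
    so they are ignored and that host's IP is treated as the true origin."""
    origin = None
    for header in chain:
        m = RECEIVED_RE.search(header)
        if m is None:
            break  # unparseable header: do not look any deeper
        origin = m.group("ip")
        if not is_trusted(m.group("rdns"), origin):
            break
    return origin

if __name__ == "__main__":
    print("suffix trust  :", origin_ip(CHAIN, trust_by_suffix(["inter.net.il"])))
    print("relay-IP trust:", origin_ip(CHAIN, trust_by_relay_ip({"198.51.100.10"})))
```

With suffix trust the walker accepts the forged second header and reports its address as the source; with trust limited to the relay IP it stops at 213.8.192.248, the host that actually connected.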