Re: why eliminating spoofing is interesting; RE: [Asrg] seeking comments on new RMX article

Barry Shein <bzs@world.std.com> Tue, 06 May 2003 22:31 UTC

From: Barry Shein <bzs@world.std.com>
Message-ID: <16056.14308.887601.265082@world.std.com>
To: Bob Atkinson <bobatk@exchange.microsoft.com>
Cc: "Eric D. Williams" <eric@infobro.com>, Dave Crocker <dcrocker@brandenburg.com>, Hadmut Danisch <hadmut@danisch.de>, asrg@ietf.org
Subject: Re: why eliminating spoofing is interesting; RE: [Asrg] seeking comments on new RMX article
In-Reply-To: <27C4E14288DB344FBA10705D57A9BB043E5574@DF-CHOPPER.platinum.corp.microsoft.com>
References: <27C4E14288DB344FBA10705D57A9BB043E5574@DF-CHOPPER.platinum.corp.microsoft.com>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
Date: Tue, 06 May 2003 18:32:04 -0400

On May 6, 2003 at 12:02 bobatk@exchange.microsoft.com (Bob Atkinson) wrote:
 > An interesting observation is once you've eliminated the domain
 > spoofing, what you've then got in hand is a domain name that you can
 > reasonably believe has some amount of responsibility for the
 > transmission of the message. 

Not much more than you did by (intelligently) looking at the Received
lines.

One of the major sources of spam right now seems to be zombie robot
hosts, hosts who have had a virus injected into them which turns them
into unwitting spam slaves*.

So the spam is being delivered by 123-456-789-123-dsl-pool.telco.com
and guess what it seems to be from xxxdvd@123-456-789-123-dsl-pool.telco.com
who assures you that anything from (don't make me type it again)
is indeed from (I'm just not going to type it again.)

Now what do you know?

* Could someone please teleport that sentence back to the TCP-IP list
of 1985 and get the reaction?
-- 
        -Barry Shein

Software Tool & Die    | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
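
Added example, not part of the original message: a Python sketch of reading the Received lines "intelligently" for the zombie case described above, trusting only the hop written by the recipient's own MTA and comparing it with the sender domain. The sample message, the host names (mx.recipient.example, telco.example, bank.example), the Exim-style Received layout and the dynamic-pool keyword heuristic are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample. Headers are newest-first because each MTA prepends its own.
# The second Received line was supplied by the sender and is not trustworthy.
RAW = """\
Received: from 192-0-2-77-dsl-pool.telco.example ([192.0.2.77] helo=mail.bank.example)
 by mx.recipient.example with esmtp id CONSTRUCTED1; Tue, 06 May 2003 18:31:27 -0400
Received: from mail.bank.example ([198.51.100.9]) by relay.bank.example
 with ESMTP id CONSTRUCTED2; Tue, 06 May 2003 18:30:00 -0400
From: xxxdvd@192-0-2-77-dsl-pool.telco.example
Subject: constructed sample

body
"""

# Assumed Exim-style layout: from <name> ([<ip>] ...) by <mta>
HOP = re.compile(r"from\s+(?P<name>\S+)\s+\(\[(?P<ip>[0-9.]+)\][^)]*\)\s+by\s+(?P<by>\S+)")
# Assumed heuristic: an embedded IPv4 address or an access-pool keyword in the name.
POOL = re.compile(r"(\d{1,3}[-.]){3}\d{1,3}|dsl|dhcp|dyn|pool|ppp|cable", re.I)

def handoff_hop(raw, trusted_mtas):
    """Return the newest Received hop that one of our own MTAs wrote, else None."""
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m and m.group("by").lower() in trusted_mtas:
            return m.groupdict()
    return None  # everything below our boundary is sender-controlled text

def assess(raw, trusted_mtas):
    """Compare the sender domain with the host that actually handed us the mail."""
    hop = handoff_hop(raw, trusted_mtas)
    if hop is None:
        return None
    sender = message_from_string(raw)["From"].rsplit("@", 1)[-1].strip("> ").lower()
    return {
        "relay": hop["name"],
        "ip": hop["ip"],
        "sender_domain": sender,
        # True here: the domain is not spoofed, yet it only names the zombie host.
        "domain_matches_relay": sender == hop["name"].lower(),
        "relay_looks_like_pool": bool(POOL.search(hop["name"])),
    }

if __name__ == "__main__":
    print(assess(RAW, {"mx.recipient.example"}))
```

In this sample the sender domain matches the relay exactly, so an anti-spoofing check would pass, and what the recipient learns is the same dial-up or DSL pool host the trusted Received line already showed.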