[Dshield] SMTP question....
josh at raintreeinc.com
Mon Aug 8 17:28:41 GMT 2005
> Correct me if I am wrong, but isnt it possible that someone spoofed your address and that might be
> how you got there?
> And why should we have to prove innocence by capturing logs and sending? Should't one have to be
> proven guilty to be placed on the list?
It would be tough to send an entire email by spoofing the address
without having control over some computer or router close to either the
machine that received and reported to spamcop or over Mr. Golodner's
email server. That sort of spam would involve several packets, where the
source of the attack would have to see the responses from the receiving
server to get things like sequence numbers for the connection. Without
that control, the sender wouldn't ever see the responses.
Because it isn't trivial to spoof the IP address of the source of
something like spam email (again, because the sender needs to see
responses from the server) it's pretty likely that spamcops records are
correct, and that some spam did come from the network in question. In
other words, he's pretty much been proven guilty.
All that being said, systems like spamcop also include disclaimers that
say basically "We just publish the sources of reported spam, we don't do
any actual blocking of email -- if your email gets blocked because
you're on our list, it's not our fault, even if our list is wrong."
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (800) 333-1033
More information about the list