[Dshield] SMTP question....

Josh Tolley josh at raintreeinc.com
Mon Aug 8 17:28:41 GMT 2005

Mrcorp wrote:
> Correct me if I am wrong, but isn't it possible that someone spoofed your address and that might be
> how you got there?  
> And why should we have to prove innocence by capturing logs and sending?  Shouldn't one have to be
> proven guilty to be placed on the list?
> Mrcorp

It would be tough to send an entire email by spoofing the address 
without having control over some computer or router close to either the 
machine that received and reported to spamcop or over Mr. Golodner's 
email server. That sort of spam would involve several packets, where the 
source of the attack would have to see the responses from the receiving 
server to get things like sequence numbers for the connection. Without 
that control, the sender wouldn't ever see the responses.

Because it isn't trivial to spoof the IP address of the source of 
something like spam email (again, because the sender needs to see 
responses from the server), it's pretty likely that spamcop's records are 
correct, and that some spam did come from the network in question. In 
other words, he's pretty much been proven guilty.

All that being said, systems like spamcop also include disclaimers that 
say basically "We just publish the sources of reported spam, we don't do 
any actual blocking of email -- if your email gets blocked because 
you're on our list, it's not our fault, even if our list is wrong."

Josh Tolley
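
Added example, not part of the original post: a toy Python model of the sequence-number point made in the reply above. The Server class, the function names and the 192.0.2.x addresses are constructed for illustration; it models only the handshake's sequence-number check, not a real TCP stack, and the SMTP dialogue would start only after this step succeeds.

```python
import random

MOD = 2**32

class Server:
    """Toy TCP listener: only models the sequence-number check of the handshake."""
    def __init__(self, rng):
        self.rng = rng
        self.pending = {}         # claimed source -> ACK number the server expects
        self.established = set()

    def on_syn(self, src, client_isn):
        server_isn = self.rng.getrandbits(32)   # unpredictable initial sequence number
        self.pending[src] = (server_isn + 1) % MOD
        # The SYN-ACK is routed to the *claimed* source address, wherever that is.
        return {"to": src, "seq": server_isn, "ack": (client_isn + 1) % MOD}

    def on_ack(self, src, ack):
        if self.pending.pop(src, None) == ack:
            self.established.add(src)
            return True
        return False              # a real stack would answer with RST

def handshake(server, claimed_src, sees_replies, rng):
    """Return True if the connection reaches ESTABLISHED."""
    synack = server.on_syn(claimed_src, rng.getrandbits(32))
    if sees_replies:
        ack = (synack["seq"] + 1) % MOD   # sender read the SYN-ACK
    else:
        ack = rng.getrandbits(32)         # sender never saw it and can only guess
    return server.on_ack(claimed_src, ack)

def run_demo(trials=200, seed=2005):
    """Constructed scenario: one sender at its real address, then blind ones."""
    server = Server(random.Random(seed))
    sender = random.Random(seed + 1)
    real = handshake(server, ("192.0.2.10", 40000), True, sender)
    blind = sum(handshake(server, ("192.0.2.99", 40000 + i), False, sender)
                for i in range(trials))
    return real, blind

if __name__ == "__main__":
    real, blind = run_demo()
    print("sender that sees replies established:", real)
    print("blind handshakes established out of 200:", blind)
```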
