[Dshield] Users don't pay attention
dshield at oitc.com
Sat Aug 20 23:36:44 GMT 2005
At 4:25 PM -0700 8/20/05, Abuse wrote:
>** Reply to message from Craig Webster <craig at xeriom.net> on Sat, 20 Aug 2005
>> If I receive an email like this I'm unlikely to trust it no matter
>> who the claimed sender is; it looks like it's been forged.
>I do not think it likely that anyone checks that the email server domain name
>is the same as the sender's domain. My guess is that if they did that 25% to
>30% (if not more) of the email would be blocked.
Actually, lots check to see if server domain name exists. Matching
sender would be a violation of RFCs as it would break forwarding
(which is what multihoming of mail reduces to).
>> >> These ISPs will block the useful ports and lock you into their
>> >> services no problem under the guise of being the superhero of the
>> >> story but as you say, it's unlikely that they'll ever monitor or
>> >> block the vast majority of their traffic. It's simply easier to say
>> >> "It's the bad guys' fault. Now buy our services."
>> > I DISAGREE loudly.
>> > I think blocking port 25 is a very good strategy as this blocks most of the
>> > compromised computers (which is the main source of spam). If you want to run
>> > your own email server then set it up to relay all of your outbound email
>> > through your ISP's email server. You can still receive email directly into your
>> > email server without any problems.
>> > Please explain to me why this does not work?
>> You're talking about using a personal local mail server within the
>> ISP's network; I'm talking about using a mail server that is outside
>> your ISP's network (as is common with a lot of hosting packages and
>> commercial email packages). Your traffic is blocked before it gets to
>> the desired server so there's no chance of relaying it back to the
>> funnel server. You're stuck setting the From: and Reply-To: headers
>> and as I pointed out above, some spam filters don't like that.
>Yes, here I was talking about a personal email server. But up above that I was
>talking about using my email client to send email, through my ISP's email
>server, and having the FROM: being for a different domain. Most people do not
>look at the headers and will never know that the email was not sent from the
>domain referred to in the FROM:.
Actually most mailservers who host multiple domains do this rather
than waste IPs.
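
Added example, not part of the original post or of any mail server's code: a small Python comparison of the two receiver-side checks discussed in this thread, "server domain name exists" versus "server domain matches sender domain", run over constructed SMTP sessions. It assumes "server domain name" means the HELO name of the connecting server; the domain set, the sessions and all function names are hypothetical.

```python
# Constructed stand-in for DNS so the example runs offline:
# these are the only domains that "exist".
KNOWN_DOMAINS = {"isp.example", "hosting.example",
                 "alumni.example", "customer.example"}

# Constructed sessions: (description, HELO name, envelope sender).
SESSIONS = [
    ("direct from own domain",       "mail.isp.example",    "alice@isp.example"),
    ("client relaying via ISP",      "smtp.isp.example",    "bob@customer.example"),
    ("forwarded by alumni alias",    "fwd.alumni.example",  "carol@hosting.example"),
    ("shared host, many domains",    "mx1.hosting.example", "dave@customer.example"),
    ("compromised PC, made-up HELO", "pc-1234.invalid",     "eve@isp.example"),
]

def registered_domain(name):
    """Last two labels; adequate for the constructed names used here."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def server_domain_exists(helo, sender):
    """Policy 1: accept if the server's claimed domain exists at all."""
    return registered_domain(helo) in KNOWN_DOMAINS

def server_matches_sender(helo, sender):
    """Policy 2: accept only if server domain equals the sender's domain."""
    sender_domain = sender.rsplit("@", 1)[1]
    return registered_domain(helo) == registered_domain(sender_domain)

def evaluate(policy):
    """Return descriptions of the sessions the policy would reject."""
    return [desc for desc, helo, sender in SESSIONS
            if not policy(helo, sender)]

if __name__ == "__main__":
    for policy in (server_domain_exists, server_matches_sender):
        rejected = evaluate(policy)
        print(f"{policy.__name__}: rejects {len(rejected)}/{len(SESSIONS)}")
        for desc in rejected:
            print("   -", desc)
```

The existence check rejects only the session with the made-up HELO name, while the matching check also rejects the ISP-relayed, forwarded and shared-host sessions.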