Security Basics mailing list archives

RE: email address "spoofed"
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 15 Mar 2004 08:17:05 -0800

  A great many ISPs who hand out addresses via DHCP maintain a
set of generic reverse-DNS entries for their scopes.  On the one
hand, this greatly diminishes the value of this lookup as an
anti-spam measure; on the other hand, it avoids the particular
problem you describe.

> The problem is that my address when forward resolved is
> different from reverse resolution.

  So is mine.  So is virtually everyone's that I know.  The servers
that I'm aware of that perform this check don't look for a *match* --
all they care about is that there is a response that they can include
in the Received: header line.  No response, and the message gets bounced. 
 
  A more effective measure employed by several ISPs is to block
outbound SMTP at their borders, except for their own officially
sanctioned email server(s).  This cuts the propagation of viruses
with their own SMTP engine, and use of spam-sending packages with
their own, to virtually nil, and if they don't turn on the reverse
check, they can probably (*safely*) avoid setting up reverse 
records for their DHCP scopes.

> This would work only if the ISP allowed any and every email
> from any domain to pass through; that is why I run my own
> mail server with the A and MX records pointing to my SMTP
> server address.

  My current ISP, and the one before, both have allowed me to send
email with a variety of "foreign" return addresses, as necessary.
The one before that was spammer-friendly, and didn't care.  Again,
it's not a match that's needed, just a block that breaks most spammer
tools and email worms. 
 
  If your ISP allows arbitrary port 25 traffic to the world, but 
won't set up reverse ranges on its DNS servers, maybe you should
evaluate some of their competitors....

> Their competitors are worse; at least this one has a very
> responsive help desk and good people at the phone and not
> some script monkeys. One call is what it takes to resolve any
> complicated matter.

  So why don't they seem to have a clue about this?  I guess that
if their competition is even worse, you're stuck.  Sorry to hear it.

Dave Gillett
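
The difference between the "any reverse answer" check discussed in this message and a matching check, as an added example that is not part of the original post. The DNS data is constructed (documentation address ranges and .example names), the function names are hypothetical, and the Received: layout is illustrative only.

```python
# Constructed sample DNS data (documentation ranges, .example names).
PTR = {
    "192.0.2.10": "dhcp-192-0-2-10.isp.example",  # generic DHCP-scope entry
    "198.51.100.7": "mail.corp.example",          # dedicated mail host
}                                                 # 203.0.113.5: no PTR at all
A = {
    "dhcp-192-0-2-10.isp.example": {"192.0.2.10"},
    "mail.corp.example": {"198.51.100.7"},
    "mail.home.example": {"192.0.2.10"},  # self-run mail domain on a DHCP address
}

def ptr_exists(ip):
    """Lenient check from the message: any reverse answer will do."""
    return ip in PTR

def fcrdns(ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    name = PTR.get(ip)
    return name is not None and ip in A.get(name, set())

def ptr_matches_helo(ip, helo):
    """Strict check: the PTR name must equal the name the client announced."""
    name = PTR.get(ip)
    return name is not None and name.lower() == helo.lower()

def received_from(ip, helo):
    """Build the 'from' clause of a Received: line, or None to bounce."""
    if not ptr_exists(ip):
        return None
    return f"from {helo} ({PTR[ip]} [{ip}])"

def evaluate(ip, helo):
    return {
        "ptr_exists": ptr_exists(ip),
        "fcrdns": fcrdns(ip),
        "ptr_matches_helo": ptr_matches_helo(ip, helo),
    }

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.home.example"),
                     ("198.51.100.7", "mail.corp.example"),
                     ("203.0.113.5", "mail.other.example")]:
        print(ip, helo, evaluate(ip, helo), received_from(ip, helo))
```

The self-run server on the DHCP address passes the lenient and forward-confirmed checks but fails the strict name match, while the address with no reverse record fails all three and would be bounced.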


