kevin lyda <[EMAIL PROTECTED]> writes:

> ok, so let's say [EMAIL PROTECTED] has tmda guarding his mailbox. for some
> reason another user has decided to annoy [EMAIL PROTECTED] so he sends
> mail from forged addresses via proxies to hide his identity. perhaps
> forged from addresses of anti-spam people who maintain "bad" ip addresses.
> this would cause tmda to generate confirm messages to those addresses.

This sounds like a variation on a "joe-job", where the spammer forges the victim's address in the From/Reply-To fields and the envelope sender and the victim gets all the bounces and angry responses. The only way to "prevent" it is to notice it early and block those specific emails.

Forging the return address of an anti-spam crusader, however, would probably be one of the most foolish things an attacker could do. Unless the attacker used a true anonymous remailer chain to send the mail, he can most likely be traced through Received fields. He can fake any Received headers he wants, as long as the server is under his control. Once the mail hits another MTA, though, even an open relay, the Received fields will be valid and will point back to him.

If he used an anonymous remailer, he couldn't send more than a few messages before the remailer decided it was suspicious and blocked his IP (yes, they do that). And it's still not an automated process. In fact, it's a heck of a lot of work. For the same reason, using a web service like Hotmail or even Hushmail is much too time-consuming, since you have to send each message manually.

> now granted the malicious user would have to send one message per
> generated annoyance message, so it would take a lot of time, but is it
> a possible attack?

The attack is only really meaningful if you can send lots of mail automatically. Then it's only annoying, since the victim can tell from the headers what's going on and block it while tracing the attacker's address. That's why it's dumb to forge an anti-spammer's address. Many of those people get a real thrill from hunting down attackers and getting them kicked off their ISP.

But that's just my opinion. <wink>

Tim

_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
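
The Received-field tracing described in the reply above, as an added example that is not part of the original post: it walks the Received lines from the top (newest) down and stops believing them at the first hop that cannot be tied to a relay you have reason to trust. The sample message, hostnames, addresses and the `trusted` map are constructed for illustration.

```python
import email
import re

# Constructed sample: .example names and documentation-range addresses.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id A1; Mon, 1 Jan 2001 10:00:03 +0000
Received: from mail.forged.example (unknown [203.0.113.45])
\tby relay.example.net with SMTP id B2; Mon, 1 Jan 2001 10:00:01 +0000
Received: from crusader.example (crusader.example [192.0.2.10])
\tby mail.forged.example with SMTP id C3; Mon, 1 Jan 2001 09:59:00 +0000
From: crusader@crusader.example
To: user@example.org
Subject: hello

body
"""

# Peer IP in brackets, then the name of the host that stamped the line.
HOP = re.compile(r"\[(?P<ip>[0-9A-Fa-f:.]+)\].*?\bby\s+(?P<by>[\w.-]+)", re.S)


def last_verifiable_source(raw, trusted):
    """Return (ip, ignored): the peer IP recorded by the deepest believable
    hop, and the number of Received lines below it treated as forgeable.

    trusted maps a relay's "by" name to the set of IPs it sends mail from.
    """
    hops = email.message_from_string(raw).get_all("Received", [])
    source = prev_ip = None
    for i, hop in enumerate(hops):
        m = HOP.search(hop)
        # Stop at a line we cannot parse or a stamping host we do not trust.
        if not m or m["by"] not in trusted:
            return source, len(hops) - i
        # Continuity: the hop above must have seen this relay's own address,
        # otherwise the line merely claims a trusted name and may be forged.
        if prev_ip is not None and prev_ip not in trusted[m["by"]]:
            return source, len(hops) - i
        source = prev_ip = m["ip"]
    return source, 0


if __name__ == "__main__":
    relays = {"mx.example.org": set(), "relay.example.net": {"198.51.100.7"}}
    print(last_verifiable_source(SAMPLE, relays))
```

The address returned is only as good as the `trusted` map: a relay belongs in it when its operator's logs can corroborate the hop.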
