On Fri, 2009-02-13 at 12:43 -0600, McDonald, Dan wrote: > On Fri, 2009-02-13 at 12:20 -0600, Lindsay Haisley wrote: > > On Fri, 2009-02-13 at 17:43 +0000, Martin Gregorie wrote: > > > I've heard it said that IPV6 will... > > You can always spoof an IP address of any type. The only email header > > you can trust absolutely is the topmost Received header in an email. > > This address can't be spoofed. > > Never say never or always, since never will always get you in trouble...
Oooh, good point :-) Pigs _may_ someday fly. > > If it were, it would have been > > technically impossible to send the email. > > It might be hard to spoof, but not impossible if you are able to > intercept the data path somewhere along the way. Otherwise, there would > be no reason to block bogons... You can block a bogon, but you can't carry on a IP dialog using it because by definition a bogon is an IP packet claiming to be from an un-allocated IP address. If an SMTP request comes in to your server with a bogus originating address then there's no way to carry on an SMTP exchange with the client on the other end, and hence no email. QED. DoS packets frequently use bogus origination addresses but these aren't intended to establish two-way communication. Yes, you can intercept the path and re-originate the IP traffic, which is what firewalls often do, but in this case the originating IP address is indeed a true address, and if the traffic is malicious, then said address is implicated, either through intent or technical compromise (hacked!). -- Lindsay Haisley | "Everything works | Accredited FMP Computer Services | if you let it" | by the 512-259-1190 | (The Roadie) | Austin Better http://www.fmp.com | | Business Bureau