[Mimedefang] On pinheaded ISP's (sort of OT)

Damrose, Mark mdamrose at elgin.edu
Wed Jan 31 12:39:36 EST 2007


> From: Philip Prindeville

> If they want to know where it originated, then they will have 
> to go through *their* logs and follow the bread-crumb trail 
> back to the point of origin.

If you send headers, then a clueful admin can usually pick out
a message-id or a queue id to pinpoint exactly where in their
own logs to look.  Without that, it's probably too much bother.
 
> Having to present all of the headers (or, really, just the Received:
> headers) isn't reliable for the very reason that you point out:
> they can be forged.
> 
> Logs can't.

My IP address ranges are public knowledge thanks to whois.  It
would be fairly trivial to forge a log entry showing a message 
received from one of my IP addresses.

As you point out, it is also trivial to forge headers, but not
so trivial to guess a valid message-id or queue id that my system
would have used at the time that message was sent.  So forging
headers that supposedly came through one of my systems is much
easier to detect.
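
To illustrate the check described in the message above, here is an added example (not code from the thread or from MIMEDefang) of how a relay admin would hold a complaint's Received: headers up against their own MTA log: each hop that claims to have passed through the local host must carry a queue id that actually appears in the log, attached to the same Message-ID, from the same connecting address. The host name mail.example.net, the sendmail-style log lines and the Received: headers are all constructed for this example.

```python
import re
from typing import Dict, List, Optional

# Hypothetical relay whose log we hold (assumption; not a host from the thread).
OUR_HOST = "mail.example.net"

# Constructed sendmail-style maillog excerpt for OUR_HOST (sample data, not a
# real log). Each queue id gets a "from=" line recording the Message-ID the
# MTA saw and the relay that handed the message to us.
MAILLOG = """\
Jan 31 12:39:36 mail sendmail[8811]: l0VHdaQj008811: from=<alice@example.org>, size=2210, class=0, nrcpts=1, msgid=<20070131173900.GA4242@example.org>, proto=ESMTP, daemon=MTA, relay=mx1.example.org [192.0.2.10]
Jan 31 12:39:37 mail sendmail[8814]: l0VHdaQj008811: to=<bob@example.net>, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32210, dsn=2.0.0, stat=Sent
Jan 31 12:41:02 mail sendmail[8820]: l0VHf2xR008820: from=<carol@example.com>, size=980, class=0, nrcpts=1, msgid=<9f1c@example.com>, proto=ESMTP, daemon=MTA, relay=smtp.example.com [198.51.100.7]
"""

# sendmail "from=" log line: queue id, envelope sender, Message-ID, relay host/IP.
LOG_FROM_RE = re.compile(
    r"(?P<qid>[A-Za-z0-9]+): from=<(?P<sender>[^>]*)>.*?"
    r"msgid=<(?P<msgid>[^>]*)>.*?"
    r"relay=(?P<relay>\S+)(?:\s+\[(?P<ip>[^\]]+)\])?"
)

# Received: header as sendmail writes it:
# "from HELO (rdns [ip]) by HOST (version) with PROTO id QUEUEID for <rcpt>; date".
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<peer>[^)]*)\))?.*?"
    r"\bby\s+(?P<by>\S+).*?"
    r"\bid\s+(?P<qid>[A-Za-z0-9]+)",
    re.DOTALL,
)


def index_log(log_text: str) -> Dict[str, Dict[str, Optional[str]]]:
    """Map each queue id in our log to the envelope details recorded for it."""
    envelopes: Dict[str, Dict[str, Optional[str]]] = {}
    for line in log_text.splitlines():
        m = LOG_FROM_RE.search(line)
        if m:
            envelopes[m["qid"]] = m.groupdict()
    return envelopes


def check_hop(received: str, message_id: str, log_index: Dict[str, Dict[str, Optional[str]]]) -> str:
    """Judge one Received: header against our own log.

    Only hops that claim to have passed through OUR_HOST can be judged here.
    For those, the queue id must exist in our log, must belong to the same
    Message-ID the complaint quotes, and the connecting address should match
    what the MTA recorded.
    """
    m = RECEIVED_RE.search(received)
    if not m:
        return "unparseable"
    if m["by"].lower() != OUR_HOST:
        return "not our hop"
    entry = log_index.get(m["qid"])
    if entry is None:
        return "forged: queue id never existed on our host"
    if entry["msgid"] != message_id.strip("<>"):
        return "forged: queue id belongs to a different message"
    peer_ip = re.search(r"\[([^\]]+)\]", m["peer"] or "")
    if peer_ip and entry["ip"] and peer_ip.group(1) != entry["ip"]:
        return "suspicious: peer address differs from our log"
    return "corroborated"


def audit(headers: List[str], message_id: str, log_text: str = MAILLOG) -> List[str]:
    """Return one verdict per Received: header, in the order given."""
    idx = index_log(log_text)
    return [check_hop(h, message_id, idx) for h in headers]


# Constructed Received: headers, as a complaint might quote them.
MSGID = "<20070131173900.GA4242@example.org>"
SAMPLE_HEADERS = [
    # consistent with our log
    "Received: from mx1.example.org (mx1.example.org [192.0.2.10]) by mail.example.net (8.13.8/8.13.8) with ESMTP id l0VHdaQj008811 for <bob@example.net>; Wed, 31 Jan 2007 12:39:36 -0500 (EST)",
    # names our host, but with a queue id we never issued
    "Received: from mx1.example.org (mx1.example.org [192.0.2.10]) by mail.example.net (8.13.8/8.13.8) with ESMTP id l0VHzzzz999999 for <bob@example.net>; Wed, 31 Jan 2007 12:39:36 -0500 (EST)",
    # one of our real queue ids, spliced onto the wrong message
    "Received: from smtp.example.com (smtp.example.com [198.51.100.7]) by mail.example.net (8.13.8/8.13.8) with ESMTP id l0VHf2xR008820 for <bob@example.net>; Wed, 31 Jan 2007 12:41:02 -0500 (EST)",
    # right queue id and Message-ID, but a different connecting address
    "Received: from mx1.example.org (mx1.example.org [203.0.113.5]) by mail.example.net (8.13.8/8.13.8) with ESMTP id l0VHdaQj008811 for <bob@example.net>; Wed, 31 Jan 2007 12:39:36 -0500 (EST)",
    # another site's hop; only that site's logs can vouch for it
    "Received: from mail.example.net (mail.example.net [192.0.2.25]) by mx.elsewhere.example (Postfix) with ESMTP id 3A2B1C for <bob@elsewhere.example>; Wed, 31 Jan 2007 12:39:40 -0500 (EST)",
]


def demo() -> List[str]:
    """Run the audit over the constructed headers and return the verdicts."""
    return audit(SAMPLE_HEADERS, MSGID)


if __name__ == "__main__":
    for header, verdict in zip(SAMPLE_HEADERS, demo()):
        print(f"{verdict:55s} {header[:60]}...")
```

The point of the check is the one the message makes: an attacker who knows a relay's address range can write a plausible Received: line naming it, but cannot know which queue id that relay actually assigned to that Message-ID at that moment, so a header that names our host with an unknown or mismatched id is detectable the moment we open our own log.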
