January 26th, 2005, 10:14 AM
#4
Junior Member
Originally posted here by thehorse13
If someone is attempting to block SPAM using this single technique then they are pretty dopey or they've had their head in the sand for a long time. For the past few years SPAM filters have used a concoction of techniques to filter SPAM which makes header forging much less effective. One factor in all of this is ISP mail server Port 25 blocking and/or mail server spam filters. This limits the effectiveness of using faked or forged email headers, IPs or email domains with no MX Records.
This leaves the following avenues open for SPAMMERS:
* Use throw-away email domains (with fake, forged or stolen ids)
* Use throw-away free email addresses (with fake or stolen ids)
* Use throw-away ISP access accounts (with forged or stolen ids)
* Hijack mail servers
* Hijack PCs by installing Spam Zombies
* Open relay mail servers around the world
* Using a filter-evading script that randomizes subject lines, source addresses and entire domains to avoid or make it harder to be identified as bulk emails
* Using programs that automatically randomize different internet access accounts and then quickly log out
Anyway...
--TH13
I am referring to a full TCP/IP spoof, spoofing the IP and sniffing the traffic for the answers, and there are some ready-made programs that send millions of spoofed messages easily.
When the Domain-ID Registration is put in place, only e-mails with SMTPs in the database (safelist) will be able to send mail to ISPs using Domain-ID Registration, and those ISPs will be thoroughly tested and monitored. No new IPs will be able to send mail, meaning no open relays, hijacked PCs (mostly dynamic IP addresses) or throw-away email domains. Also, ISP access accounts open them up for lawsuits and possibly extradition if stolen credit cards are used. Free e-mail admins could just severely restrict the amount of e-mails used BCC and CC and bulk up security in general if need be, and most users wouldn't even be aware of the changes. Hotmail made a lot of restrictions and they could go a lot further if they see a huge increase in spam from their servers.
Spoofing IP addresses in e-mail messages now is highly accessible, unlike a couple of years ago.
Programmers sell programs that can spoof IP addresses in e-mails relatively cheap. So it will be more feasible to actually spoof the IP address than any one of the other methods you mentioned once the Microsoft and Yahoo safelist IP address systems are put in place. They could very well just hijack a big-name mail server like an AOL server, but again that would be more costly and dangerous towards their business than just spoofing the IP address.
However, the second form of IP address spoofing that I mentioned probably isn't very reliable and probably could be easily fixed with a few changes in the RFC, so I don't know exactly how big of a problem that would be, and full TCP/IP spoofing can still be monitored by sniffing programs which could already be in place.
Originally posted here by ShagDevil
In a case like this, even Reverse DNS is of no help in finding the culprit. The only giveaway is that at some point in the email's traverse (the received fields in the header) there will be a real originating point for the email, in this case the open mail server that the spammer tapped into (which in and of itself may be legit).
My point is that there is absolutely no real originating point in a fully (TCP/IP: spoof and sniff) spoofed e-mail header or an SMTP RFC glitch that completely drops the real received headers. Everything would be fake. The only defense against this is that the routers use anti-spoofing firewalls, and some small countries like Cyprus don't have anti-spoofing routers. Ready-made spam programs that can fully spoof the IP address are a lot more common than they once were.
My point being that Yahoo Domain Keys and the like might not slow down spam as significantly as they planned, and free e-mail could possibly suffer a great deal.
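The "received fields" mentioned in the quoted reply above can be read defensively as follows; this is an added example, not code from any poster in this thread. It walks the Received headers from the newest down and keeps only what the recipient's own server recorded; the hostnames, addresses and the `TRUSTED_MTAS` set are constructed assumptions.

```python
import re
from email import message_from_string

# Assumption: hostnames of the receiving organisation's own boundary mail servers.
TRUSTED_MTAS = {"mx1.example.net"}

# Constructed sample. Newest Received header is on top; the third one is forged
# by the sender to look as if our own server had written it.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.7])
    by mx1.example.net with ESMTP id abc123; Wed, 26 Jan 2005 10:14:00 -0500
Received: from bigbank.example (unknown [198.51.100.9])
    by mail.sender.example with SMTP; Wed, 26 Jan 2005 10:13:50 -0500
Received: from trusted.example (trusted.example [192.0.2.1])
    by mx1.example.net with ESMTP; Wed, 26 Jan 2005 10:13:00 -0500
From: someone@bigbank.example
Subject: constructed sample

body
"""

# Common "from HELO (rdns [ip]) ... by host" layout; real MTAs vary in format.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)

def last_trusted_hop(raw, trusted=TRUSTED_MTAS):
    """Return the peer recorded by the last header our own servers wrote, or None."""
    hop = None
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(value)
        # Stop at the first header not stamped by a trusted server: it and
        # everything beneath it was supplied by the sending side.
        if not m or m.group("by").lower() not in trusted:
            break
        hop = m.groupdict()
    return hop

if __name__ == "__main__":
    print(last_trusted_hop(SAMPLE))
```

The forged third header is never reached, because the walk stops at the first hop the recipient's own infrastructure did not write.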