http://www.dslreports.com/forum/r8549651 en Tue, 24 Nov 2009 12:42:33 EDT Tue, 24 Nov 2009 12:42:33 EDT http://www.dslreports.com/forum/remark,8549651 Alabaster : Hah, they can try to tax my Canadian account. Come on, this is just an excuse for another tax grab, it's not to control spammers.]]> http://www.dslreports.com/forum/remark,8549651 Wed, 19 Nov 2003 18:43:45 EDT http://www.dslreports.com/forum/remark,8549577 sdd75 : Email accounts aren't really 'zombied' or 'hijack' per say, but are more accurately 'spoofed'. The problem with SMTP is it is a Simple Mail Transport Protocol. All it does is relay. Initially SMTP has no security built in to it. In a sense I guess the protocol still doesn't. Some servers can be configured to mimic security. They can be set to only relay if either the source or the destination is within a certain ip address range. (That's why some ISP's require you to use an alternate SMTP server if you connect off their network.) Other tricks include requiring users on the local network to authenticate or use encryption,(ESMTP) but allow incoming to relay to the pop server without such security. This lack of security is compounded by the fact that SMTP is just as much a client as a server in the traditional client-server relationship. The way it works is the client sends a message to an SMTP server (presumably source ISP), which in turn sends the message along to another SMTP server (presumably destination ISP), then to a MTA (typically a POP or IMAP server) which stores the message for later retrieval. (notice SMTP did not store the message. That's how simple it is.) This simplicity is why a virus can send email without your account's user name and password. The code is compact, and authentication isn't implemented. The SMTP server doesn't distinguish one client from another. In fact, the only way it can tell it's a client versus another SMTP server is if the source is from the local network or not. Beyond that, SMTP simply trusts the information is accurate. That said, what's to stop someone else from sending an email via SMTP and simply lying about the source email address? The answer is nothing. Consider this simple test of an SMTP server:

telnet smtp.yourisp.net 25
helo yourisp.net
mail from: myname@yourisp.net
rcpt to: someoneelse@anotherisp.com
data

This is just a test.
.
quit

Why would someone lie, and put your email address there? Simply put, they are trying to bypass another security feature implemented by isp's. Some isp's are performing a reverse-dns to query if the source domain actually exists before relaying. If a spammer uses an account from that domain, then it exists. Then all of the messages sent to an invalid account are returned by the local ISP to the address spoofed. Now your inbox is 'spammed' with undeliverable messages you didn't send. (email viruses will also cause this.)]]> http://www.dslreports.com/forum/remark,8549577 Wed, 19 Nov 2003 18:35:44 EDT http://www.dslreports.com/forum/remark,8548781 Omega : how could they tax free email?

even if all US mail was sign up, anyone could go international.
--
"The doctor's X-Rayed my head and found nothing"]]> http://www.dslreports.com/forum/remark,8548781 Wed, 19 Nov 2003 17:09:37 EDT http://www.dslreports.com/forum/remark,8547783 daniyel : Do ISP's they just send your TLD a bill to the domain contact..

I dont see how this will curb spam....spammer can just as easily hi-jack a paying account and send from there..

love it :(]]> http://www.dslreports.com/forum/remark,8547783 Wed, 19 Nov 2003 15:29:20 EDT