ChrisDAT
Google Keyword Compsysnyc

join:2002-02-26
Hollis, NY

 We'll see...

I am skeptical if this scheme will do anything to stop all of the spam that is generated by virus infected and hijacked machines that will have the proper "credentials" to negotiate communications with a "domain-keyed" mail server.

I think the idea is a good one nonetheless, at least it will make it more difficult for "anyone" to pose as "anyone" for the purpose of sending junk mail, or viruses, or worms... It will certainly separate the men from the boys with respect to spam, and kick up mail validation [certification?] a notch or two.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL

In order to have valid credentials that are going to be checked, you have to:

Have a registered domain,
Be in control of that domain,
Have a DNS server that is authoritative for the domain,
Have a mail server with the correct MX record and credentials in DNS, and
Be in control of that DNS server in order to place the credentials into it.

I don't see how a virus compromised machine is going to be able to come up with all of that.


ChrisDAT
Google Keyword Compsysnyc

join:2002-02-26
Hollis, NY

Virus compromised and hijacked machines can run an application that will have access to the PC's registry and applications in the same way the PC owner's mail application does; many of the hijacks actually use the same mail application using the user's configured authentication data to send mail to the same SMTP server [their ISP] that the user would use in sending an e-mail to mom.

Execute Arbitrary Code -- means the bad app. can do anything at all that the unfortunate user can do on their PC while posing as them. What should get your attention is that in addition, the bad app. also has access to all of the information on the PC's hard disk[s] AND all of the attached network [LAN and Internet] resources that the PC has access to.

It's no joke. The worst part is that these critters can infect and thus compromise your PC via your internet connection as a worm -- no e-mail involved here.

JimF

join:2003-06-15
Allentown, PA

 reply to graysonf
Don't they mean a virus (i.e., backdoor) compromised client machine, not a virus compromised SMTP server? The spam would then be like any legitimate email from that client machine insofar as SPF was concerned, but at least it would be traceable to that client.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL

reply to ChrisDAT
Well, I think if you look at the vast majority of the recent viruses out there today, they don't work the way you say.

They have their own bundled in SMTP engines, and send mail directly to the victim's mail server. The reason they do that is to avoid having ISPs notice huge loads of outgoing mail pouring off their SMTP servers. The ISP won't know anything about the problem until complaints about the direct SMTP abuse arrive.

This is also why many ISPs now block all outgoing connections to port 25 except to their own SMTP servers. Doing that prevents direct SMTP abuse altogether.

But, as you suggest, there is nothing to prevent a virus from looking into a mail client application to determine how it is configured to send mail (out thru the ISP's SMTP server) and just use it, unless SMTP auth is used with a hashed password. But that will be more noticeable by the ISP and doesn't rely on complaints coming back to be detected and halted.
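
An added example, not part of the thread and not written by any of the posters: a simplified SPF check (only the `ip4`, `include` and `all` mechanisms) run over constructed records for hypothetical domains. It contrasts the two sending paths discussed above: mail sent straight from an infected PC by a bundled SMTP engine, and mail relayed through the ISP's own SMTP server.

```python
import ipaddress

# Constructed SPF TXT records for hypothetical domains (documentation IP ranges).
SPF_RECORDS = {
    "example-isp.test": "v=spf1 ip4:192.0.2.0/28 -all",
    "example-biz.test": "v=spf1 ip4:198.51.100.25 include:example-isp.test -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, domain, records=SPF_RECORDS, depth=0):
    """Evaluate a subset of SPF (ip4, include, all) for the connecting IP."""
    if depth > 10:                      # guard against include loops
        return "permerror"
    record = records.get(domain, "")
    if record.split()[:1] != ["v=spf1"]:
        return "none"                   # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"                 # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # include matches only when the referenced policy returns pass
            matched = check_spf(client_ip, term[8:], records, depth + 1) == "pass"
        else:
            return "permerror"          # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # no mechanism matched


# Constructed scenarios: (description, connecting IP, envelope-sender domain)
SCENARIOS = [
    ("infected PC, own SMTP engine, forged sender", "203.0.113.77", "example-biz.test"),
    ("infected PC relaying via ISP SMTP server", "192.0.2.5", "example-isp.test"),
    ("domain's own mail server", "198.51.100.25", "example-biz.test"),
]


def evaluate(scenarios=SCENARIOS):
    return {desc: check_spf(ip, dom) for desc, ip, dom in scenarios}


if __name__ == "__main__":
    for desc, result in evaluate().items():
        print(f"{result:8} {desc}")
```

The relayed case passes because the connecting address belongs to the ISP's authorised range, so stopping that path depends on the ISP's own outbound monitoring rather than on the receiver's SPF check.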
© 1999-2009 dslreports.com