Forums » Blocking Port 25 Traffic » Thanks Idiots!


Steve
Security is inefficient
Consultant
join:2001-03-10
Tustin, CA

reply to Camelot One
Re: Thanks Idiots!

said by Camelot One:
I am in the same boat. This will prevent all users from being able to say, send email from their work address at home. Anyone with a Road Runner account for example can only send email from their rr email address.

Stupid. Just plain stupid.
What's stupid is that Road Runner even considers the "From" address when relaying email - this is no kind of security (I understand Verizon did this too, perhaps they still do).

If the source IP address is from a "trusted" source - from within RoadRunner's own network - there is no good reason for disallowing users to include any From: address they wish, including valid work addresses.

An ISP that blocks outbound 25/tcp and limits users to the @isp.net From address is doing a bad thing.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site


keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB

That is what REPLY-TO/reply address is for

quote:
I am in the same boat. This will prevent all users from being able to say, send email from their work address at home. Anyone with a Road Runner account for example can only send email from their rr email address.
That is what the REPLY-TO (in OE accounts, the "reply address") is for.

SENT-BY (FROM or, in OE accounts, the "email address") is formally supposed to be the email address on the ISP the computer is actually on. As noted by another poster, only a few ISPs check this.

ISPs should not be limiting the REPLY-TO (unless maybe the customer has been a problem), but to follow the original intent of the standards, they all should have been limiting the SENT-BY.

My personal feeling is that ideally such filtering (port 25, spam, email virus) should be user configurable, and default to filtering for new accounts.

I think the problem is technical:
1. It increases overhead to add a bunch of individual IP addresses to port blocking rules in the router.
2. There is a bit of manual effort involved in updating the rules for individual customers.

It isn't dumb users that are responsible for "reduced functionality", it is the hackers and spammers who exploit them.
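
The two relay policies argued over in the posts above, together with the Reply-To workaround, as an added example that is not part of the thread. The address ranges, the domains isp.example and work.example, and all function names are constructed for illustration.

```python
import ipaddress
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed values: documentation address ranges and example domains.
ISP_NETWORK = ipaddress.ip_network("198.51.100.0/24")
ISP_DOMAIN = "isp.example"

def build(from_addr, reply_to=None):
    """Build a constructed sample message with the given headers."""
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = "colleague@work.example"
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content("constructed sample body")
    return msg

def allow_by_from_domain(client_ip, msg):
    """Policy criticised in the thread: relay only if From: is @ISP_DOMAIN."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower() == ISP_DOMAIN

def allow_by_source_ip(client_ip, msg):
    """Policy argued for: relay anything submitted from the ISP's own network."""
    return ipaddress.ip_address(client_ip) in ISP_NETWORK

def evaluate():
    """Return (case, from-domain verdict, source-IP verdict) per sample."""
    cases = [
        ("customer, work From", "198.51.100.23",
         build("Pat <pat@work.example>")),
        ("customer, ISP From + work Reply-To", "198.51.100.23",
         build("pat@isp.example", reply_to="pat@work.example")),
        ("outside host, ISP From", "203.0.113.9",
         build("pat@isp.example")),
    ]
    return [(name, allow_by_from_domain(ip, m), allow_by_source_ip(ip, m))
            for name, ip, m in cases]

if __name__ == "__main__":
    for name, by_from, by_ip in evaluate():
        print(f"{name:38} from-domain={by_from!s:5} source-ip={by_ip}")
```

The From-domain check rejects the customer's own work address yet accepts a message from outside the network that merely carries an ISP address in its header, while the source-IP check decides on where the connection came from.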


Steve
Security is inefficient
Consultant
join:2001-03-10
Tustin, CA

said by keith2468:
That is what the REPLY-TO (in OE accounts, the "reply address") is for.

SENT-BY (FROM or, in OE accounts, the "email address") is formally supposed to be the email address on the ISP the computer is actually on.
Says who?

This premise cannot possibly hold water, and it's hard to even know where to start.

First, and most broadly, your online identity is anything you want it to be, and in my book, you "are" any email address to which you have valid access to the mailbox. This gives me probably a half a dozen email addresses, none of which is the "real" address unless I say one of them is.

Second, many people purchase IP services with the sole intent of routing IP packets, and they do not buy into the additional services (email, web space, home page) that the ISP may offer. I have Pac*Bell DSL, but as far as I know I don't have a @pacbell.net email address.

Finally, there is no required connection between "email address" and "physical location" - otherwise this premise would play havoc with the salesman on the road: does he get a new "Sent-From" email address in every hotel?

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site
Saturday, 30-Aug 02:46:27
© 1999-2008 dslreports.com.