Re: There needs to be an international policy
From: Pidgeot (Pidgeot_at_discussions.microsoft.com)
Date: 04/10/05
- Next message: Vanguard: "Re: lets vote for better security"
- Previous message: Lanwench [MVP - Exchange]: "Re: Password protection software"
- In reply to: George Hester: "Re: There needs to be an international policy"
- Next in thread: George Hester: "Re: There needs to be an international policy"
- Reply: George Hester: "Re: There needs to be an international policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 10 Apr 2005 11:11:02 -0700
Thing is, the benefactor doesn't have to be anywhere near the server that
he's linked to. How do you know if all of those Chinese domains are owned by
Chinese people? They may just as well have been bought by an American.
"George Hester" wrote:
> All I can say N is that to me the source is the entity which benefits from its use. No e-mail server is going to benefit from an e-mail. But the spammer's link in the spam is. Hence that's the source in my book.
>
> --
> George Hester
> _________________________________
> "N. Miller" <anonymous@discussions.microsoft.com> wrote in message news:MPG.1cc11a4f3bd6370098a79f@msnews.microsoft.com...
> > In article <#B##S8HPFHA.508@TK2MSFTNGP12.phx.gbl>, says...
> >
> > > "N. Miller" <anonymous@discussions.microsoft.com> wrote in message
> > > news:MPG.1cc08ba61c94949898a78d@msnews.microsoft.com...
> >
> > > > In article <Oc99iiFPFHA.3356@TK2MSFTNGP12.phx.gbl>, says...
> > > > Those are not "relay servers", they are proxy clients. The only connection
> > > > that they have with the SMTP service is that they inject the message into
> > > > that service. Technically, any open proxy connecting to my MTA is a
> > > > "Message Submission Agent".
> >
> > > That depends on the proxy. A "CERN Compliant HTTP Proxy", which many are,
> > > are only capable of HTTP, HTTPS, Read-Only FTP, and Gopher. But none the
> > > less, "proxys" are effectively what I meant by "relay servers",...and SMTP
> > > server sends directly to the destination so any open SMTP server would
> > > likely be the last one listed just before the one that you received the Spam
> > > on.
> >
> > SMTP clients send, SMTP servers receive. Find the open SMTP server in these
> > headers, which are typical of what I see:
> >
> > > Received: from 207.115.57.51 (EHLO ylpvm20.prodigy.net) (207.115.57.51)
> > > by mta823.mail.sc5.yahoo.com with SMTP; Fri, 08 Apr 2005 16:16:20 -0700
> > > X-Originating-IP: [24.241.115.78]
> > > Received: from 37.com (res-24-241-115-078.spa.sc.charter.com [24.241.115.78])
> > > by ylpvm20.prodigy.net (8.12.10 083104/8.12.10) with SMTP id j38NG9vC029327
> > > for <***@pacbell.net>; Fri, 8 Apr 2005 19:16:14 -0400
> >
> > There is no open SMTP server in those headers, just an open proxy, according
> > to:
> >
> > http://www.openrbl.org/ip/24/241/115/78.htm
> >
> > The proxy is acting in the same manner as MS Outlook Express, Mozilla
> > Thunderbird, or even the Mercury SMTP Client (relay version) component of my
> > Mercury Mail MTA. Message Submission agents. SMTP clients. The only SMTP
> > servers present are not open, they are, respectively, an MX:
> >
> > ylpvm20.prodigy.net, which relays to an MDA:
> >
> > mta823.mail.sc5.yahoo.com
> >
> > The open proxy is the relaying agent, connecting to my ISP's MX server.
> >
> > > > And you are right about the source being masked.
> >
> > > Which was my main point.
> >
> > Which is not George's point, since he claims to know the source of the spam.
> > My contention is that the source can't be known, and is equally likely to be
> > a UUNet connected computer controlling the Charter customer's open proxy as
> > any foreign hosted computer. Since I can't pursue the source beyond the open
> > proxy, for all intents and purposes, the open proxy is the source.
> >
> > --
> > Norman
> > ~Win dain a lotica, En vai tu ri, Si lo ta
> > ~Fin dein a loluca, En dragu a sei lain
> > ~Vi fa-ru les shutai am, En riga-lint
>
>
- Next message: Vanguard: "Re: lets vote for better security"
- Previous message: Lanwench [MVP - Exchange]: "Re: Password protection software"
- In reply to: George Hester: "Re: There needs to be an international policy"
- Next in thread: George Hester: "Re: There needs to be an international policy"
- Reply: George Hester: "Re: There needs to be an international policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
