On 4/7/2012 2:56 PM, Darren New wrote:
>> If the thing comes from a proxy, it's obviously not from wherever it was
>> sent from in reality. Might need some rules on whether it's legal for the
>> proxy itself to misrepresent itself as a) not in the chain, or b) a
>> different source. But, once it leaves the proxy, there is still, in
>> principle, a way to trace back the address, to the server it claims to
>> come from, thereby finding that there is no way in hell the trace in the
>> email's own path could match with the claimed source (but, that would
>> require an automatic traceroute, and even doing that, from some machines,
>> won't work in cases like Windows, where generating the packets needed in
>> anything other than the control paths is **not allowed**, as a possible
>> detected exploit, and where your ISP, modem, or something else, is denying
>> those control commands).
>
> I don't think you understand how internet email routing works.
>
In principle, it works like any other protocol, but, in principle, the
message grows as it goes through each node, since it tracks where it's
been. It's also possible to route it specifically, but that is *way* over
most people's heads.
>> But, yeah, it's hardly "impossible" to at least figure out where the
>> hell it comes from,
>
> It really is, if you want to do it reliably without breaking all email
> systems currently deployed.
>
That is what exceptions are for. You might still have to check the trap,
but it would be a "slightly" smarter trap. Right now, the trap tries to
rely on blacklist data, and keyword identification, using programs that
are, fundamentally, quite stupid (as in not even using halfway decent
AI, which might have some limited capacity to guess whether the word
viagra is someone trying to sell it to you, or your friend, telling you
about needing to go to the hospital, because they took too much of it).
All the program knows is "viagra", and if a few other words are there,
it's flagged, hence the moronic fact that those slip through, while
Hotmail has **multiple** times actually flagged legit emails from Origin,
about things going on with Star Wars: KOTOR.

From a human perspective, that the latter seems to be a possible threat,
while the former changes less than 1-2 words, between emails, but always
makes it through the filters, is just... WTF?