|
![](/i/fill.gif) |
On 4/7/2012 20:36, Patrick Elliott wrote:
> On 4/7/2012 2:56 PM, Darren New wrote:
>>> If the thing comes from a proxy, its obviously not from where ever it was
>>> sent from in reality. Might need some rules on whether its legal for the
>>> proxy itself to misrepresent itself as a) not in the chain, or b) a
>>> different source. But, once it leaves the proxy, there is still, in
>>> principle, a way to trace back the address, to the server it claims to
>>> come
>>> from, thereby finding that there is no way in hell the trace in the
>>> email's
>>> own path could match with the claimed source (but, that would require an
>>> automatic traceroute, and even doing that, from some machines, won't
>>> work in
>>> cases like Windows, where generating the packets needed in anything other
>>> than the control paths is **not allowed**, as a possible detected
>>> exploit,
>>> and where your ISP, modem, or something else, is denying those control
>>> commands).
>>
>> I don't think you understand how internet email routing works.
>>
> In principle, it works like any other protocol,
Generally not. There's still store-and-forward nodes, POP nodes, etc. And
indeed, not that long ago, UUCP nodes, bitnet nodes, TPC nodes, and etc.
> but, in principle, the
> message grows as it goes through each node, since it tracks where its been.
Yes, and generally that works, as long as you realize any initial subset of
routing hops could be forged.
> That is what exceptions are for. You might still have to check the trap, but
> it would be a "slightly" smarter trap. Right now, the trap tries to rely on
> blacklist data, and keyword identification,
If you want to do it at the ISP level, you can't really do a very good job
of keyword matching. Maybe you really *do* buy your viagra from an online
pharmacy. How do you check the trap if some other ISP has thrown away the
email before it even gets to you?
> "viagra", and if a few other words are there, its flagged, hence the moronic
> fact that those slip through, while Hotmail has **multiple** times actually
> flagged legit emails Origin, about things going on with Star Wars: KOTOR.
And that's the point. For 99.9% of the population, those keywords indicate
spam. For the 0.1% playing KOTOR, it does not. Hence, the ISP has to process
each mail message just in case.
--
Darren New, San Diego CA, USA (PST)
"Oh no! We're out of code juice!"
"Don't panic. There's beans and filters
in the cabinet."
Post a reply to this message
|
![](/i/fill.gif) |