Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SPAM blocking for spoofed IP addresses 2

Status
Not open for further replies.
logbook

logbook

Technical User
Feb 10, 2004
5
GB
I get SPAM from companies which appears to come from different people, but is evidently all coming from a few particular companies. Clearly they are spoofing their IP address and even reviewing the message headers does not reveal a true source point. As an ‘outsider’ I can’t understand why this is such a problem to deal with.

My understanding of the system is that an email gets split up into small packets which can travel by any route to the final recipient ISP. The recipient server reassembles the message from the packets and delivers it to the account holder. If a packet gets lost on the way the recipient server would ask the sender for a re-transmit. Now if the sender’s IP address has been spoofed then this re-transmit cannot get actioned and the message would not get completed. Presumably the message gets deleted after some suitable time-out period.

The most obvious solution is then for the recipient ISP to deliberately throw away a packet from each incoming message in order to force a re-transmit. This gives a low-level automatic verification that the sending address is valid.

The fact that this obvious remedy is not being used suggest that my understanding of the low level TCP/IP system is inadequate. Perhaps somebody would be so kind as to point out what I am missing.
 
Sort by date Sort by votes
I think you're over-thinking the problem. Spammers aren't using IP "spoofing" in it's normal sense. They just use IP addresses of servers that don't belong to them -- either hijacked user machines, or open relays or proxies.

They'll frequently add junk headers into the e-mail so it appears to be routed differently from how it actually was, but it's not terribly complex.

True IP spoofing is quite complicated in today's world.
 
Upvote 0 Downvote
jpm121 is right. IP spoofing is correct. Corrupting a DSL connected Windoze box and spewing spam through it with hacked trojan software is no problem at all.



Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Tony Richie
  • Locked
  • Question
SHR channels versus DED channels in MVS IO config for Teradata Connection
Replies
0
Views
118
Tony Richie
Tony Richie
shriram_d
  • Locked
  • Question
TCP/IP protocol
Replies
2
Views
162
jamesmorgan007
jamesmorgan007
DrB0b
  • Locked
  • Question
IP Spoofing for Good? Quick question....
Replies
0
Views
89
DrB0b
DrB0b
gergerdotcom
  • Locked
  • Question
keeps blinking but no IP detected 1
Replies
4
Views
153
gergerdotcom
gergerdotcom
DrB0b
  • Locked
  • Question
FTP Issues with customers, looking for some insight
Replies
4
Views
126
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top