Forums > Off the Beaten Path > help! seriously, i have a technical problem. thanks.
Unless you assume the X-Received header is being signed with a secured key, you're still placing your trust in text that came in from the internet, from an entirely unknown source. That's the kind of trust that is the failure of the entire SMTP model. Refer any talk by Bruce Schneier on assumptions...
Okay I was always under the impression that with the way routing worked; TCP, requiring a packet to be successfully sent bidirectionally before payload can be sent, is not able to be spoofed for a full connection without a compromise in the route itself, which would definitely be within the realm of possibility, but with the way X-Received stacks with mail routing (as opposed to IP routing above), multiple routes would have to be compromised in order to spoof all of the X-received links upon the mail hop chain. I'm probably wrong though.
I haven't talked to Bruce in a while though, not sure why that's important. He's not exactly a mail or TCP/IP expert. Not trying to downplay him as he is a true visionary in his area of expertise. Real smart and down to earth guy too. We signed a pretty big deal with his company and I made sure that one of the requirements was that he come and have dinner with us .
MTA: I'm disregarding the theory of the the forger being on the same layer 2 segment as R2E. I think that's pretty unlikely.
CyclingAHEAD until 2012
Giddyup.
The call came from inside the house.
Ultima tastes like failure.
I am interested in R2Emailmania, less what it says about her, more what it says about us.
Why are we transfixed by R2E's email at this historical moment?
Answers, please.
Tomorrow never comes. Eventually never happens. Today. Now. Shut up and start.
verwelkoming! after reviewing the headers, i believe the emails are originating in the netherlands. in the end, the emails were "from" the authentic email address [Return-Path is valid] but they bounced around a lot before that and are obviously spam ["Perhaps it’s one of the most interesting sites I have ever visited!.."].
verwelkoming!
after reviewing the headers, i believe the emails are originating in the netherlands. in the end, the emails were "from" the authentic email address [Return-Path is valid] but they bounced around a lot before that and are obviously spam ["Perhaps it’s one of the most interesting sites I have ever visited!.."].
the unrunner
if you don't run, you'll rust. [tom petty] ..... i just wanna get back on track, even if it kills me. [motion city soundtrack] ..... if i only could be running up that hill, with no problems. if only i could, be running up that hill. [kate bush] ..... still running in place [alkaline trio] ..... at least i'll try and run, and run tonight, everything will be alright [the killers] ..... don't give up the distance. [flavio the magnificent]
What does Tunis make?
Okay I was always under the impression that with the way routing worked; TCP, requiring a packet to be successfully sent bidirectionally before payload can be sent, is not able to be spoofed for a full connection without a compromise in the route itself, which would definitely be within the realm of possibility, but with the way X-Received stacks with mail routing (as opposed to IP routing above), multiple routes would have to be compromised in order to spoof all of the X-received links upon the mail hop chain. I'm probably wrong though. I haven't talked to Bruce in a while though, not sure why that's important. He's not exactly a mail or TCP/IP expert. Not trying to downplay him as he is a true visionary in his area of expertise. Real smart and down to earth guy too. We signed a pretty big deal with his company and I made sure that one of the requirements was that he come and have dinner with us . MTA: I'm disregarding the theory of the the forger being on the same layer 2 segment as R2E. I think that's pretty unlikely.
My point was, if I remember it, (and it should be noted that my mind is decaying even more quickly, with both age and running working against it), that fundamentally, X-Received tags are just text in the body, so the malicious user can put a whole pile of invented ones in, purporting to be from any "supposedly trusted" source or otherwise. So a malicious user can inject an entirely forged email, with an entirely invented chain of X-Received stamps, directly to the last mail relay. But I do see your point, that if that last mail relay is local, its X-Received stamp is a lot more reliable - good point.
However, wasn't R2E sitting in some internet cafe in Amsterdam somewhere, sending web email, so the last mail relay would be some unknown machine at the web mail host's facility?
It's a 5k. It hurt like hell...then I tried to pick it up. The end.
i am attempting to update my iphone's OS, but i seem to be stuck on backup island.
backup is the first step of update, so i click update, and then the backup sets off on its 3-hour tour (3-hour tour...). each time the backup is complete, the update does not occur, so i click update again (why do i keep doing that??), and the backup starts again. i am well backed up, but none of these 3-hour ventures into backupland are netting me the new OS.
i am on my 3rd backing upping. how do i proceed to the actual OS update? professor? mary anne? anyone?
Doughboy
gilligan@apple.com any help? mind you, i do not own an iphone.
Is it a timezone problem? Did you forget to adjust the timezone between Holland and the States?
My point was, if I remember it, (and it should be noted that my mind is decaying even more quickly, with both age and running working against it), that fundamentally, X-Received tags are just text in the body, so the malicious user can put a whole pile of invented ones in, purporting to be from any "supposedly trusted" source or otherwise. So a malicious user can inject an entirely forged email, with an entirely invented chain of X-Received stamps, directly to the last mail relay. But I do see your point, that if that last mail relay is local, its X-Received stamp is a lot more reliable - good point. However, wasn't R2E sitting in some internet cafe in Amsterdam somewhere, sending web email, so the last mail relay would be some unknown machine at the web mail host's facility?
Yeah, you can always add more SMTP headers containing whatever you want. You could have a header called Bacon: with the value being Delicious. But the MTA going out will then add it's own X-Received for each hop. And you can't change the order of those once the mail is being routed.
© 2012 RunningAHEAD.com. All rights reserved. | Privacy