STARTTLS and sp*m (was: Re: current usage of AAAA implicit MX?)
sm at resistor.net
Thu Apr 17 03:00:11 CEST 2008
At 09:17 16-04-2008, Tim wrote:
>To summarize what I mentioned before, the next step is to connect the
>DNS query event to the SMTP (or other) connection. My thesis was
>focused on using that information in spoofed attacks, since one normally
>has no information about the true source of a spoofed packet. Using
>these cookies, at least you can have a rough idea as to what DNS
>resolver they used to find you in the first place.
We don't see spoofed attacks generally in the SMTP world as most of
the traffic is to stuff people's inboxes with unwanted messages. If
you are seeking to protect an unpublished host, the above may be
useful as you can track down the DNS source.
More information about the ipv6-ops