A simple test for email via IPv6
Philipp Kern
phil at philkern.de
Tue Apr 30 11:41:45 CEST 2013
On Tue, Apr 30, 2013 at 02:32:59AM -0700, Ted Mittelstaedt wrote:
> Here is a transcript of me spamming myself with your script. Notice
> that your script does NO error checking. I transmitted the mail
> message from the Internet Partners public mailserver with my Gmail
> address forged as the sender's address and your script happily delivered
> it to my Gmail address.
>
> I hope this adequately demonstrates the potential for abuse. If
> not, imagine if I was a malevolent attacker who wanted to fill up
> someone's Gmailbox with thousands of "Congratulations from v6net.ru"
> mail messages.

Sure, but that's also possible by the spammer connecting directly to
your mail-in or by using any other autoresponder on the net. Now it's
possible that they did not implement throttling like sane autoresponders
do, but that's not what you wrote.

Even though gmail.com does have SPF records set, they have a neutral
catch-all. Sender policies also do not say that everything has to be
DKIM-signed, so I'm not sure what kind of checking you are pointing
at.

It's technically not an open relay in any case.

> I know we're all excited about IPv6 but the problem is that way too
> many people are implementing it without any firewalling, or filtering
> or anything. Please don't think that the spammers are stupid.

I'm not sure how this relates to the problem at hand, except for
pushing the filtering agenda.

Kind regards
Philipp Kern
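
The two controls this message touches on, as an added example that is not part of the message or of the script being discussed: reading the catch-all qualifier of an SPF record (a `?all` record yields "neutral", which gives an autoresponder nothing to reject on) and throttling replies per sender address. The function and class names and the sample records are constructed for illustration.

```python
import time

# Qualifier on the final "all" mechanism -> SPF result for unlisted hosts.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def catch_all_result(spf_record):
    """Return the result given by the record's 'all' mechanism, or None."""
    terms = spf_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        term = term.lower()
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qualifier]
    return None  # no explicit catch-all in this record

class ReplyThrottle:
    """Allow at most max_replies automatic replies per address per window."""
    def __init__(self, max_replies=1, window=86400):
        self.max_replies = max_replies
        self.window = window
        self.sent = {}  # address -> timestamps of recent replies

    def allow(self, address, now=None):
        now = time.time() if now is None else now
        key = address.strip().lower()
        recent = [t for t in self.sent.get(key, []) if now - t < self.window]
        allowed = len(recent) < self.max_replies
        if allowed:
            recent.append(now)
        self.sent[key] = recent
        return allowed

def should_autoreply(sender, spf_result, throttle, now=None):
    """Decide whether to send an automatic reply to the envelope sender."""
    if not sender or sender == "<>":  # null return path: never auto-reply
        return False
    if spf_result == "fail":          # domain disowns the sending host
        return False
    # "neutral", "softfail" and "none" cannot justify a rejection, so the
    # throttle is what bounds how many replies a forged sender receives.
    return throttle.allow(sender, now)

if __name__ == "__main__":
    # Constructed sample record, not a live DNS lookup.
    print(catch_all_result("v=spf1 include:_spf.example.net ?all"))
    t = ReplyThrottle()
    print([should_autoreply("user@example.com", "neutral", t, now=n) for n in (0, 60, 90000)])
```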