Slashdot Mirror
Internet Vigilante Justice, SPAM, and Copyrights
pdw writes "An interesting article about how vigilante justice on the Internet by anti-spam advocates can be just as threatening to the Internet as those proposed for copyright advocates."
← Back to Stories (view on slashdot.org)
How had it gained access to my mail server? Simple. It had forged the headers on its email to convince my mail server that the email it sent was from a permitted user.
One word: Authentification.
You see, my mail servers were set up to pass mail only from a domain name of which I am the only user. It blocks everything else. That's not an open relay. Unless you're a user in my domain, you can't use it.
Uh, it may not be a totally open relay in the literal sense of the word, but surely that still means it can be used to send spam, as long as the spammer figures out who to identify himself as - and if the Danes could do it, then it can't be that hard?
Any spam-block that relies entirely on the "from:" header is broken by design. What, spammers disguise their identities? Never!
However, the reason to not do this is that it's insecure. A large percentage of the spam I receive claims to be from the domain that it's being sent to, so his system would happily relay it.
The second reason should trump the first reason, but obviously if you're a clue resistant lawyer with a chip on your shoulder, it doesn't.
For those who appreciate irony, consider this --
He's basically written this big diatribe, which to spammers says `hey! you can relay through my mail server!' ... so a spammer finds it, and forges their spam to allow it to go through it, and uses it to spam the world. Then somebody gets flooded with these spams, and sues our friend Bret. They can even use his article as evidence that his mail server was open and he knew it, but that he refuses to secure it.