
Re: sending mail via a script



Hi Mick,

On Wed, Jul 17, 2019 at 09:50:47PM +0100, mick crane wrote:
> I have wondered about this, the actual infrastructure. I've noticed that the
> fiber optic cable is in places strung along with the electricity pylons.
> Presumably if you could somehow attach to that then you could be anybody ?

Leaving aside the technicalities of splicing into an optical fiber
link, in the context of email sending and "being anybody" I
interpret your question as being alternatively phrased as: "if I
gained access to some sort of backbone connection then could I
pretend to be anyone, in email?"

The answer is probably, "not really." Most of this email reputation
stuff is operating on the source IP of the connection. With access
to someone's network, you could possibly send packets from their IP
address(es), and this is basically what happens when someone's
device gets compromised and used for a spam run. The resulting
fallout then affects their IP reputation.

But you do not get to send packets of an *arbitrary* source IP just
because you managed to tap into a fatter pipe¹. You get to use the
IPs that you are assigned by your provider, or the provider of
whatever network it is that you're connected to.

Your Internet service provider may assign you IP addresses if you
ask, though they may not offer this service or may charge a lot of
money for it. You can always become your own service provider and go
directly to a Regional Internet Registry for the IPs. For example,
membership of RIPE, which covers Europe and some of the Middle East and
Africa, costs €1,400+VAT per year with a setup fee of an extra
€2,000 in the first year.

For this you currently get a /22 of IPv4 (1,024 addresses) and a /32
of IPv6 (or up to /29 if you need it, or even more if you can
justify it). A /32 of IPv6 is 65,536 /48s, each of which you would
generally assign to a site or a business, and each /48 is 65,536
/64s, which would be an individual network within that.

As you can see that's a pretty big outlay, yet on a per address
basis it's probably cheaper than getting your existing provider to
assign you IPs, or rent servers or whatever.

Going back to "being anybody", email of course doesn't have any
security and you can put any From: address you like. That's why so
much of email reputation is still focused on the source IP address
and not the content. Parsing the content is expensive and comes
later.

Cheers,
Andy

¹ A lot of networks don't have protections against spoofing, in that
  they allow packets to go out into the Internet with source IP
  addresses that do not correspond to what has been assigned to that
  network.

  This will not work for email however because email (SMTP) is a TCP
  service which requires a three-way handshake to set up a
  connection. If you tried to initiate an SMTP connection with a
  forged source address, the communication from the server would
  route back to the real IP address and the IP stack of that device
  should reject it because it would know it was not something that
  it initiated.

  Forged source addresses are more commonly used for UDP-based
  denial of service. For example, I send a small request to a UDP
  server and forge your IP address as the source. The server sends a
  massive reply back to you, not me. You are crushed by the traffic.
  Some poorly-designed UDP services can enable 1,000x or more
  amplification of traffic. This has been done with NTP, DNS,
  portmapper, and lots of others.

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
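
The handshake argument in the footnote above, modelled as an added example (not part of the original message): a toy TCP endpoint that resets segments for connections it never opened, so a SYN with a forged source never reaches ESTABLISHED on the server. The `Host` class, the `attempt` and `make_net` helpers and the RFC 5737 documentation addresses are constructed for illustration.

```python
import secrets

class Host:
    """Toy TCP endpoint that only knows the connections in its own table."""
    def __init__(self, ip):
        self.ip, self.conns = ip, {}  # (peer_ip, peer_port, local_port) -> [state, isn]

    def _reply(self, seg, flags, seq, ack=0):
        return {"src": self.ip, "dst": seg["src"], "sport": seg["dport"],
                "dport": seg["sport"], "flags": flags, "seq": seq, "ack": ack}

    def receive(self, seg):
        key, flags = (seg["src"], seg["sport"], seg["dport"]), seg["flags"]
        if flags == "SYN":
            isn = secrets.randbits(32)  # unpredictable, sent only to the claimed source
            self.conns[key] = ["SYN_RCVD", isn]
            return self._reply(seg, "SYN-ACK", isn, (seg["seq"] + 1) % 2**32)
        if key not in self.conns:
            # Not a connection this host initiated: answer RST (but never RST a RST).
            return None if flags == "RST" else self._reply(seg, "RST", seg["ack"])
        conn = self.conns[key]
        want_ack = (conn[1] + 1) % 2**32  # sequence numbers wrap at 32 bits
        if flags == "RST":
            del self.conns[key]  # peer disowned the connection
        elif flags == "SYN-ACK" and conn[0] == "SYN_SENT" and seg["ack"] == want_ack:
            conn[0] = "ESTABLISHED"
            return self._reply(seg, "ACK", want_ack, (seg["seq"] + 1) % 2**32)
        elif flags == "ACK" and conn[0] == "SYN_RCVD" and seg["ack"] == want_ack:
            conn[0] = "ESTABLISHED"
        return None

def make_net():  # server, legitimate client, third host (constructed addresses)
    return {ip: Host(ip) for ip in ("203.0.113.25", "198.51.100.10", "192.0.2.66")}

def attempt(hosts, sender_ip, claimed_src, server_ip, sport=40000, dport=25):
    """Emit one SYN carrying claimed_src; every reply is routed by its dst field."""
    isn = secrets.randbits(32)
    if claimed_src == sender_ip:  # an honest sender records its own attempt
        hosts[sender_ip].conns[(server_ip, dport, sport)] = ["SYN_SENT", isn]
    seg = {"src": claimed_src, "dst": server_ip, "sport": sport, "dport": dport,
           "flags": "SYN", "seq": isn, "ack": 0}
    trace = []
    while seg:
        trace.append((seg["src"], seg["dst"], seg["flags"]))
        seg = hosts[seg["dst"]].receive(seg) if seg["dst"] in hosts else None
    return hosts[server_ip].conns.get((claimed_src, sport, dport), ["CLOSED"])[0], trace

if __name__ == "__main__":
    print(attempt(make_net(), "192.0.2.66", "198.51.100.10", "203.0.113.25"))
```

In the forged case the trace is SYN, SYN-ACK, RST and no segment is ever addressed to the sending host, which is why it never learns the server's initial sequence number.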

