NNSquad - Network Neutrality Squad
[ NNSquad ] Re: Port 25 spoofing and e-mail security/privacy issues
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In message <200802182225.m1IMPKP5010205@chrome.vortex.com>, Lauren
Weinstein <lauren@vortex.com> writes
>ISPs who are reportedly spoofing SMTP port 25 to divert input
>e-mail traffic to the ISPs' own servers, preventing the e-mail from reaching
>the addressed customer e-mail input servers
>( http://forums.pfir.org/main/messages/714/828.html?1203372718 ).
ISP usually deploy this scheme to merely prevent spam -- and so the rest
will pass through and will reach the addressed person just fine.
It doesn't work for people who check certificates, they spot that the
wrong end-point is reached, but in practice no-one ever does that !
In the UK, FreeServe (now after several name changes called Orange) have
been using one of these systems for over 10 years -- they were the first
"free" (ie pay only for your phonecall) dialup provider in the UK and
had millions of customers.
FreeServe have always been interested in a quiet life (their income was
limited, so they had to control costs very tightly) and having end users
sending spam (or having no tracking of how much is sent) is a good way
of making ones life quite noisy!
>While this particular person appears not to be especially troubled by this
>behavior, such diversions could trigger obvious security and privacy
>concerns.
If you don't trust your ISP not to read your email (whether it goes
through a server or not), then you're in pretty bad shape already :(
- --
Dr Richard Clayton <richard.clayton @ cl.cam.ac.uk>
Computer Laboratory, University of Cambridge, CB3 0FD
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBR7oXm5oAxkTY1oPiEQJL0gCeLhmUlvPQmcfCrmwHuVpnDrFJUMwAn2id
6h/8aGAuZ1tL1nnH6Dfg0RNo
=khWY
-----END PGP SIGNATURE-----