Hi !!
>>>Wrong. You just use SRS to do it -- so instead of sending
>>>MAIL FROM:<victim@???> you'd send instead something like
>>>MAIL FROM:<SRS0+xx+yy+abused.net+victim@???>
>>
>>well, now you are not forging abused.net, you are forging a comcast.net
>>address
>
> That's a completely arbitrary technical distinction which has absolutely
> no meaning in _practice_.
well, when you fake RS0+xx+yy+abused.net+victim@??? no bounce
will reach victim@??? as a) comcast does not implements srs and
rejects the bounce with a 'unknown user' or b) comcast implements srs
and rejectes the bounce because it has detected that that srs envelope
sender was not generated by them. In all cases the victim will not
receive the bounces generated by forged messages, nor it's server will
be collapsed dealing with the bounces.
--
Best regards ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david@???
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
