[PLUG-TALK] Email is insecure...

[plug_0 at robinson-west.com]

How certain can you be of the connected from ip in postfix's 
maillog?

How do ip spoofing prevention methods work under Linux?  
Are you really at risk every time some person you talk to turns 
their email server off?  For attackers who try to send the 
appropriate packets to trick you into thinking you have 
successfully completed the three way handshake with a 
trusted host, how do you thwart them?  The host names I get
sometimes, along with some of the ip addresses I see, I'm
wondering if they lead to the actual computers that have 
been trying to hook to mine or not?  My pre filtering approach
of trying to build a black list based on ip addresses is highly
dependent on gathering quality information concerning which 
ip addresses are connected with problem mail sources.

Is ip spoofing an attack that works against Linux 2.4 systems?
What is the chance that a spammer will find an unused global
ip address and somehow manage to use it over the Internet?
Is ip spoofing common?  How widespread is it?




I've seen two extremes in the plug-talk discussion
on mailing list discrimination.
  
One extreme is make the plug and plug-talk lists 
look like they're are the friendliest lists on 
earth to yourself via manipulation by current and 
as of yet uninvented filtering software.  

The other extreme, I suppose, is trying to take 
plug and plug-talk over by hacking them.  

I have never talked about specific offensive words 
nor have I ever suggested that any proprosed post 
to plug or plug-talk a reasonable minded person can 
recognize as a personal attack against an individual 
or group should make these lists.  

A moderator who adopts the standard of, 
"no personal attacks through either of these lists," 
will be applying a reasonable filter.  

An alternative that might be more democratic is a 
voting system for all subscribers to plug and plug-talk.  
If you can vote that a thread is degrading to personal 
attacks and flaming, or vote to censor a person for a 
while, that has the potential to make the users of 
plug and plug-talk more of a community.  Right now,
someone can carry out a personal attack over plug 
and plug-talk without suffering any consequences.  
You aren't moderated off.  There is no community 
response, even though the personal attack happens 
in a public forum.  If the moderator moderates anyone
who might be considered a "problem poster," who is to
say that he/she isn't biased.  There's no 
moderator accountability.  Reminds me of 
judges who think and act like they are above the
law.  Like those judges in the Florida Supreme 
Court who are turning a blind eye to execution 
by starvation of a particular woman who has been 
in the news a lot lately.  I hope she gets her 
feeding tube back soon.

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/