July 5th 04, 09:59 PM

On Mon, 5 Jul 2004 00:19:01 -0700, "Peter Duniho" wrote:

> You can use tracert to get a pretty good idea of how many servers also get
> to look at the data. It's almost never just your server and the recipient's
> server. Nearly all of the time, a spammer's server is not in the middle.
> But there's no way to guarantee that one's not, and it DOES happen that one
> is now and then.


Perhaps the terms router and server have been misapplied here?

Traceroute shows you how many devices are routing your data packet
between your PC and some destination. Some of those are firewalls,
some of those are routers, some of those are combination
firewall/routers. Unless specially configured, they do not look
beyond the IP datagram header (IP it came from, IP it's going to)
fields, and act in function like an envelope going through the mail.
Even though your letter goes through a bunch of post office facilities
and trucks, some of which might do some cursory examination to see if
there's anything hazardous inside the envelope, they don't look at the
contents of the envelope. Is the contention that spammers are
gathering email addresses through the routine opening of email
*content* that is somehow being re-routed through a link they own in
the path between you and the person you're communicating with? Or are
we talking about them somehow hijacking MX records to open, read, and
then forward along routine email going from place to place?

When sending an email you (assuming Windows and a POP derivative like
Outlook or Eudora, not Unix with sendmail and PINE etc) open a
connection from your PC to your outbound mail server. That server
looks at the email destination address(es) and then creates an
envelope, addressed to the destination party's mail server (post
office). Your outbound server then opens a connection directly to
that destination's server. The path your envelope takes between your
server and that server depends on who your ISP buys connections to and
whatever routing rules they have applied for outbound traffic. The
envelope is not normally opened between those two points by any "hop"
shown by traceroute. By the time you get up to things like qwest.net,
level3.net, bbnplanet.net, etc you're talking OC192 fiber-optic
connections (about 10gb/s if memory serves) and to attempt packet
sniffing on that kind of connection (which carries *all* traffic, not
just email - newsgroups, web, games, etc) just to find out someone's
to: or bcc: list would be so CPU intensive that you wouldn't be able
to effectively use the bandwidth you're paying ridiculous amounts of
money to the phone company for.
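
The distinction drawn in the post above, between traceroute hops and the mail servers that actually accept a message, can be checked on any received email by reading its Received: headers. The following is an added example, not part of the original post; the message, hostnames and addresses in it are constructed for illustration.

```python
import email
import re

# Constructed sample message: hostnames use example.* domains and
# documentation-range IP addresses; none of it comes from the thread.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id B2; Mon, 5 Jul 2004 10:00:03 -0700
Received: from pc17 (dsl-17.example.net [203.0.113.17])
\tby mail.example.net with ESMTP id A1; Mon, 5 Jul 2004 10:00:01 -0700
From: alice@example.net
To: bob@example.org
Subject: test

hello
"""

# "from <sender> ... by <receiver>" is the common shape of a Received value.
_FROM_BY = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)


def smtp_handlers(raw):
    """Return (handed_over_by, accepted_by) pairs in delivery order.

    Only hosts that took part in an SMTP transaction appear here. Routers
    and firewalls on the IP path (what traceroute lists) never add a
    Received header, because they forward packets without handling mail.
    """
    msg = email.message_from_string(raw)
    hops = []
    # Every server prepends its own header, so the oldest one is last.
    for value in reversed(msg.get_all("Received", [])):
        match = _FROM_BY.search(value)
        if match:
            hops.append((match.group(1), match.group(2)))
    return hops


def accepting_servers(raw):
    """Just the servers that accepted, and could read, the message."""
    return [accepted_by for _, accepted_by in smtp_handlers(raw)]


if __name__ == "__main__":
    for sender, receiver in smtp_handlers(SAMPLE):
        print(f"{sender} -> {receiver}")
```

Received lines written before the message reached a server you control can be forged by the sender, so only the entries added by your own mail infrastructure are reliable.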