Hi Mick,

On Wed, Jul 17, 2019 at 09:50:47PM +0100, mick crane wrote:
> I have wondered about this, the actual infrastructure. I've noticed that the
> fiber optic cable is in places strung along with the electricity pylons.
> Presumably if you could somehow attach to that then you could be anybody?

Leaving aside the technicalities of splicing into an optical fiber link, in the context of email sending and "being anybody" I interpret your question as being alternatively phrased as:

"if I gained access to some sort of backbone connection then could I pretend to be anyone, in email?"

The answer is probably, "not really."

Most of this email reputation stuff is operating on the source IP of the connection. With access to someone's network, you could possibly send packets from their IP address(es), and this is basically what happens when someone's device gets compromised and used for a spam run. The resulting fallout then affects their IP reputation.

But you do not get to send packets of an *arbitrary* source IP just because you managed to tap into a fatter pipe¹. You get to use the IPs that you are assigned by your provider, or the provider of whatever network it is that you're connected to.

Your Internet service provider may assign you IP addresses if you ask, though they may not offer this service or may charge a lot of money for it.

You can always become your own service provider and go directly to a Regional Internet Registry for the IPs. For example, membership of RIPE, which covers Europe and some of the Middle East and Africa, costs €1,400+VAT per year with a setup fee of an extra €2,000 in the first year. For this you currently get a /22 of IPv4 (1,024 addresses) and a /32 of IPv6 (or up to /29 if you need it, or even more if you can justify it). A /32 of IPv6 is 65,536 /48s, each of which you would generally assign to a site or a business, and each /48 is 65,536 /64s, which would be an individual network within that.

As you can see, that's a pretty big outlay, yet on a per-address basis it's probably cheaper than getting your existing provider to assign you IPs, or rent servers or whatever.

Going back to "being anybody", email of course doesn't have any security and you can put any From: address you like. That's why so much of email reputation is still focused on the source IP address and not the content. Parsing the content is expensive and comes later.

Cheers,
Andy

¹ A lot of networks don't have protections against spoofing, in that they allow packets to go out into the Internet with source IP addresses that do not correspond to what has been assigned to that network. This will not work for email however because email (SMTP) is a TCP service which requires a three-way handshake to set up a connection. If you tried to initiate an SMTP connection with a forged source address, the communication from the server would route back to the real IP address and the IP stack of that device should reject it because it would know it was not something that it initiated.

Forged source addresses are more commonly used for UDP-based denial of service. For example, I send a small request to a UDP server and forge your IP address as the source. The server sends a massive reply back to you, not me. You are crushed by the traffic. Some poorly-designed UDP services can enable 1,000x or more amplification of traffic. This has been done with NTP, DNS, portmapper, and lots of others.

--
https://bitfolk.com/ -- No-nonsense VPS hosting
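
The footnote's point about networks that let packets leave with source addresses they were never assigned, as an added example that is not part of Andy's message: the source-address check an egress filter applies, run over constructed flow records. The prefixes are documentation ranges, and the function names and record layout are assumptions made for the example.

```python
import ipaddress

# Assumption: the prefixes assigned to this network (documentation ranges).
ASSIGNED = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "2001:db8:1::/48")]

# Constructed outbound flow records: (source, destination, protocol, dest port).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.25", "tcp", 25),         # own address, SMTP
    ("203.0.113.7", "198.51.100.25", "tcp", 25),        # unassigned source, SMTP
    ("203.0.113.7", "198.51.100.53", "udp", 53),        # unassigned source, DNS
    ("2001:db8:1::25", "2001:db8:ffff::1", "tcp", 25),  # own IPv6 address
    ("2001:db8:2::9", "2001:db8:ffff::1", "udp", 123),  # neighbouring /48, NTP
    ("not-an-ip", "198.51.100.1", "udp", 53),           # malformed record
]


def source_is_assigned(src, assigned=ASSIGNED):
    """True if src parses as an address inside one of the assigned prefixes."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source: never forward it
    return any(addr.version == net.version and addr in net for net in assigned)


def classify(flow):
    """Verdict an egress filter would give one outbound flow record."""
    src, _dst, proto, _dport = flow
    if source_is_assigned(src):
        return "forward"
    # A forged TCP source cannot finish the three-way handshake anyway;
    # a forged UDP source needs none, so the reply lands on the forged address.
    return "drop-tcp" if proto == "tcp" else "drop-udp"


def egress_report(flows):
    """Count verdicts over a batch of flow records."""
    counts = {"forward": 0, "drop-tcp": 0, "drop-udp": 0}
    for flow in flows:
        counts[classify(flow)] += 1
    return counts


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(classify(flow), flow)
    print(egress_report(SAMPLE_FLOWS))
```

The `drop-udp` count is the one worth alerting on, since those are the packets that would have reached a third party had the filter not been in place.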