On Tue, Mar 26, 2013 at 6:43 PM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Mark Andrews" <marka@isc.org>
If you are with a ISP that does not practice BCP 38 are you willing to risk your neck that you won't be subject to a "aiding and abetting" charge? All of us here know that spoofing address like this is a criminal activity. We are all experts in the field and the courts apply higher standards to us than they do to Joe Blogs. We know machines get compromised. We know how to block spoofed traffic from compromised machines.
Careful: source address spoofing, like using a name you don't have on your driver license *is not inherently a crime*. *Fraudulent behaviour which is advanced thereby* makes it an additional crime.
SAS is sometimes necessary for testing.
An argument could be made that "...fraud is fraud, is fraud, is fraud..." and should vigorously discouraged. :-) - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com