Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Avleen Vig
Date:  
À: David Woodhouse
CC: Avleen Vig, exim-users
Sujet: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
On Sun, Mar 21, 2004 at 09:17:40PM +0000, David Woodhouse wrote:
> I don't understand. SPF attempts to give you some confidence that the
> reverse-path on the mail is valid, and being used with the consent of
> the sender. It does so by making the flawed assumption that mail from a
> given address will originate only from certain IP addresses.
>
> My point is that there are better ways of verifying that the sender's
> address is valid for the mail in question. You seem to claim that this
> isn't sufficient, and that SPF gives you something more useful than
> that.
>
> Please demonstrate a case where spam is blocked by virtue of the fact
> that SPF detects that "the relay machine is not an authorized outbound
> relay", yet the sender address _is_ valid for the mail in question.


A ha, now we're getting somewhere. The flawed assumption is on your
side of the argument (I think).
You seem to believe that it is valid for (example) somebody@??? to
run an MTA on his local machine and send mail out with:
mail from: sombody@???

This should not be happening. This is the same behaviour as used by
trojan MTA's which send spam. I believe they now account for the
majority of spam sent outbound and am in the process of gathering the
imperical data to back this claim up.

SPF is NOT just to verify the authenticity of the alleged sender. SPF
used to stand for "Sender Permitted From" but no longer does. This may
be why you are thinking this (old) way.

If you use a particular domain name in the env-from, it is NOT
unreasonable under any scenario for you to not use a legitimate
authorized relay for that domain. SMTP AUTH exists for a reason.