Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: David Woodhouse
Date:  
À: Avleen Vig
CC: exim-users
Sujet: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
On Sun, 2004-03-21 at 13:57 -0800, Avleen Vig wrote:
> You seem to believe that it is valid for (example) somebody@??? to
> run an MTA on his local machine and send mail out with:
> mail from: sombody@???
>
> This should not be happening.


Wrong. That kind of thing has _always_ happened and always been
considered valid in the real world -- just not in the Brave New World of
SPF.

It happens especially in the case of mail forwarding, where
somebody@??? sends mail to one of my local users with a .forward
file, and then my system sends the mail on.

> This is the same behaviour as used by
> trojan MTA's which send spam. I believe they now account for the
> majority of spam sent outbound and am in the process of gathering the
> imperical data to back this claim up.


What would be the point in that? It shows nothing.

We _agree_ that spammers use faked addresses in reverse-paths without
the consent of the 'owner' of the address in question. The reverse-path
is, in that context, 'invalid' for the mail. I agree that some way of
rejecting these mails is useful.

But you have asserted that SPF does "FAR more than just verify the
sender's address". This is true -- SPF rejects a lot of valid email too.
You were asked to explain what else SPF does; be explicit about this
'FAR more' that it does, and why it's of benefit. You haven't done so.

--
dwmw2