Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Avleen Vig
Data:  
Para: David Woodhouse
CC: exim-users
Asunto: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
On Sun, Mar 21, 2004 at 11:01:01PM +0000, David Woodhouse wrote:
> > I'm sorry to say this, but a minor inconvenience for
> > you is not a big deal. There are solutions for the forwarding problem
> > (which is really the only thing left people can use against SPF) and
> > that are not hard to implement.
>
> There isn't a coherent solution to the forwarding problem which is worth
> the supposed benefit that SPF offers. A minor inconvenience for me _is_
> a problem, because it's the same minor inconvenience for _everyone_ who
> the SPF-advocates need to upgrade to SMTPv2 -- and that basically means
> it's not going to happen, I suspect.


My point was simply that the number of people this impacts is
infinitesimal compared to the number of people SPF can benefit. I *am*
one of those people, but I know when it's important to make extra effort
for the greater good. It's called being a good Internet neighbour.

> > I was sure I had explained it in how it disallows mail from unauthorized
> > sources. This is more than verifying the sender address - it is
> > verifying the legitimacy of the relay itself. If most spam comes from
> > illegitimate relays, SPF does "far more" than just verify the name of
> > the sender.
>
> You still don't say why this is a _good_ thing. We know why it breaks --
> but how does it _help_?
> Please give an example of a spam which would be stopped by SPF but _not_
> by other methods of verifying that the address in the reverse-path
> really is controlled by the actual sender of the mail.


Pick any virus which sends out mail from an infected computer where the
from address is randomly chosen from the infected user's addressbook.
These viruses work in two ways:
Spoofing the from address and mailing out through the ISP's relays
Spoofing the from address (or not) and mailing out directly to MX
SPF stops both of these.

Drone PC's (those infected by trojans) which are used to send out spam
either through ISP relays or directly to MX with spoofed from addresses.

There, you have two examples. :-)