Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: David Woodhouse
Data:  
Para: Avleen Vig
CC: exim-users
Assunto: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
On Sun, 2004-03-21 at 15:23 -0800, Avleen Vig wrote:
> > Please give an example of a spam which would be stopped by SPF but _not_
> > by other methods of verifying that the address in the reverse-path
> > really is controlled by the actual sender of the mail.
>
> Pick any virus which sends out mail from an infected computer where the
> from address is randomly chosen from the infected user's addressbook.
> These viruses work in two ways:
> Spoofing the from address and mailing out through the ISP's relays
> Spoofing the from address (or not) and mailing out directly to MX
> SPF stops both of these.
>
> Drone PC's (those infected by trojans) which are used to send out spam
> either through ISP relays or directly to MX with spoofed from addresses.
>
> There, you have two examples. :-)


No, because those would be stopped by _any_ method of verifying that the
supposed sender really was responsible for the mail in question.

For example, if the spammer happened to pick dwmw2@??? from
the address book, and try sending mail from that address... anyone doing
sender verification callouts will reject the spam, and certainly I'll
not be receiving the bounces even from those people who _do_ accept it
(There'll always be some people who accept anything).

You were asked not just to give an example of something which SPF stops,
but something which SPF stops but the alternatives do _not_ stop. This
was to support your claim that SPF offers 'FAR more' than the
alternatives which serve to verify the sender, remember?

--
dwmw2