RE: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?

Góra strony
Delete this message
Reply to this message
Autor: Hämäläinen Jori
Data:  
Dla: exim-users
Temat: RE: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?

> -----Original Message-----
> From: J Yunke [mailto:yunke@productivity.org]
>
> #2. Spammers can just register throw-away domains, publish
> SPF/Caller-ID records, and everyone's happy.


But we must remember at this level we have someone to blame!
Payment of domain registration fee binds someone to this domain,
so you can be found when missused.

"You purchased this 'used' domain for spam-reasons, why? ...."

Multiple countries have anti-spam laws, and this way spammers
can be found, or at least people who should be responsible.
And you should really take care which kind of SPF-DNS-entries
you publish, because it is sort of 'trust' entry in DNS and
you can be accused when you publish wrong entries.

In my mind SPF is not sender ID. It is an effort to validate
*domains*, that this IP-address is a valid MTA for this domain.
At receiving side you'd ignore other MTAs. So it is 'trusted
MTA network' information.

If I had a security responsibility of my company's emails, I would
adopt SPF. Currently for example my competitor would be able to send
spoof-email coming from "me", and for example cancel our offering
to some third party, and the other company would win a big contract.
(Yeah, these should always be on PGP/S-MIME but they are not in real
world).

This would block trojan/malfare software using illegal domain
- however they can still spam via legal domain's MTA with it's own domain
    * but you can found; compare IP address to ISP radius/dhcp/smtp log
* SPF should be called: source domain spoofing prevention


About forwarding, forwarding can also be done 'attach original email' into
new forwarded message. This way when you reply you must copy&paste original
address from attached message. Nobody would like it.

It is nice to see that SPF is hosted at pobox.com which is 'email'-forwarding
company. So they are promoting stuff which causes them problems.. :-)

Also one point of view. By using SPF you don't have to deny email message
from coming in. On MUA level you can make filters/rules to move 'non-SPF'
messages to 'potential spam' -folder etc.

And bear in mind. Was it AT&T which bloked all incoming email-servers and
said "if you want to send us email, tell us and we'll enable your domain"?
So what they did is sort of 'internet security policy move', which is
"everything is denied unless allowed". Current SMTP is "everything is
allowed unless denied" (= blacklisting).

Best regards, Jori Hämäläinen