Re: [exim] Anti Phishing Trick

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M-\Marc Perkel at <-
M\MMarilyn Davis at ->
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Nigel Metheringham
CC: exim-users
Subject: Re: [exim] Anti Phishing Trick
On Wed, 2005-08-24 at 13:01 +0100, Nigel Metheringham wrote:
> The problem is that SPF works fine if you look at it from the
> perspective of an individual (with clue) - I know how my (legitimate)
> mail gets to me, and can allow for that (so stuff thats being
> legitimately forwarded via my vanity account with the federation of
> yorkshire jelly wrestlers can be allowed for).

How do you know which machines the federation of yorkshire jelly
wrestlers will be using for forwarding mail? It won't necessarily be the
MX hosts for their domain, and it won't necessarily be the normal
outgoing mail servers listed in their SPF record (even if they _have_ an
SPF record). If you come up with some list of addresses which you think
is accurate, what makes you think it'll still be accurate tomorrow?

So no, even for the individual with their own private mail server it
doesn't really work that well for rejecting false mail. And when you
start trying to apply it to recipient domains with a large number of
users, each of whom may have different forwarding arrangements, it's
basically impossible.

--
dwmw2




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] macros in macrosRe: [exim] Anti Phishing Trick->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)