Re: [exim] Anti Phishing Trick

Top Page
This message is part of the following thread:
M----\the complete thread tree sorted by date
M....MOliver Egginger at <-
M+++\Marc Sherman at ->
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: Marilyn Davis
CC: exim-users
Subject: Re: [exim] Anti Phishing Trick
On Wed, 2005-08-24 at 08:36 -0700, Marilyn Davis wrote:
> On Wed, 24 Aug 2005, David Woodhouse wrote:
>
> > On Wed, 2005-08-24 at 13:01 +0100, Nigel Metheringham wrote:
> > > The problem is that SPF works fine if you look at it from the
> > > perspective of an individual (with clue) - I know how my (legitimate)
> > > mail gets to me, and can allow for that (so stuff thats being
> > > legitimately forwarded via my vanity account with the federation of
> > > yorkshire jelly wrestlers can be allowed for).
> >
> > How do you know which machines the federation of yorkshire jelly
> > wrestlers will be using for forwarding mail? It won't necessarily be the
> > MX hosts for their domain, and it won't necessarily be the normal
> > outgoing mail servers listed in their SPF record (even if they _have_ an
> > SPF record). If you come up with some list of addresses which you think
>
> My understanding, please correct me, is that The Federation of
> Yorkshire Jelly Wrestlers is responsible for maintaining the right
> info in their SPF record.

Nope. They are forwarding the mail, so the sender domain is the
original sender, but the originator IP is the forwarding box.

So then you say that everyone has to go along with the completely broken
SPF forwarding stuff by doing hackish rewrites of the sender address -
thus breaking other things.

And it will all supposedly work when the whole world is SPF
aware/compliant.

Fine. Come back to me when the whole world is SPF compliant. Until
then its broken, and so my systems are not going to have anything to do
with it.

The rest of your message appears to show you don't know how forwarding
works.

I used to be very sympathetic towards SPF. However their people are
still saying its perfectly OK and the answer to everything when its
clear that its utterly broken - at least without requiring the whole
world to implement it. If we are going for a whole world must implement
solution then lets doing a major replacement of SMTP instead. 

    Nigel.


-- 
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]





This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Anti Phishing TrickRe: [exim] Anti Phishing Trick->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)