Re: [exim] Anti Phishing Trick

Author: Marilyn Davis
Date:  
To: Nigel Metheringham
CC: exim-users
Subject: Re: [exim] Anti Phishing Trick
On Wed, 24 Aug 2005, Marilyn Davis wrote:

> On Wed, 24 Aug 2005, Nigel Metheringham wrote:
>
> > On Wed, 2005-08-24 at 08:36 -0700, Marilyn Davis wrote:
> > > On Wed, 24 Aug 2005, David Woodhouse wrote:
> > >
> > > > On Wed, 2005-08-24 at 13:01 +0100, Nigel Metheringham wrote:
> > > > > The problem is that SPF works fine if you look at it from the
> > > > > perspective of an individual (with clue) - I know how my (legitimate)
> > > > > mail gets to me, and can allow for that (so stuff that's being
> > > > > legitimately forwarded via my vanity account with the federation of
> > > > > yorkshire jelly wrestlers can be allowed for).
> > > >
> > > > How do you know which machines the federation of yorkshire jelly
> > > > wrestlers will be using for forwarding mail? It won't necessarily be the
> > > > MX hosts for their domain, and it won't necessarily be the normal
> > > > outgoing mail servers listed in their SPF record (even if they _have_ an
> > > > SPF record). If you come up with some list of addresses which you think
> > >
> > > My understanding, please correct me, is that The Federation of
> > > Yorkshire Jelly Wrestlers is responsible for maintaining the right
> > > info in their SPF record.
> >
> > Nope. They are forwarding the mail, so the sender domain is the
> > original sender, but the originator IP is the forwarding box.
>
> Oh, I'm sorry. I misunderstood. I was thinking that the Federation
> was like Paypal, and lots of phish was generated in their name.
> Paypal is responsible for maintaining its SPF record.
>
> If the Federation is the forwarding MTA, then any phish they forward
> to my machine is not my fault.
>
> >
> > So then you say that everyone has to go along with the completely broken
> > SPF forwarding stuff by doing hackish rewrites of the sender address -
> > thus breaking other things.
>
> Oh no. I'm not saying anyone else has to do anything. I'm just
> trying to assign responsibility where it properly belongs so that I
> can do the right thing, and not beat myself over the head for others'
> responsibilities, and the problems generated by their failure to meet
> them.
>
> >
> > And it will all supposedly work when the whole world is SPF
> > aware/compliant.
> >
> > Fine. Come back to me when the whole world is SPF compliant. Until
> > then it's broken, and so my systems are not going to have anything to do
> > with it.
> >
> > The rest of your message appears to show you don't know how forwarding
> > works.
>
> I hope I do. I hope it was my mis-read of the Federation's role that
> messed things up.
>
> A forwarded message does not have the local_part@domain of the
> recipient on the To: header. This is a clue for getting some value
> out of SPF.
>
> >
> > I used to be very sympathetic towards SPF. However their people are
> > still saying it's perfectly OK and the answer to everything when it's
> > clear that it's utterly broken - at least without requiring the whole
> > world to implement it. If we are going for a whole world must implement


Another thought: it could be considered legitimate for a bank to
expect that the email address you list with them is a direct email
address. Certainly you change your snail mail address with them when
you move.

Mind you, I'm not one of "their people".

I'm just looking for the baby in the bathwater, and finding my own
responsibilities.

Marilyn

> > solution then let's do a major replacement of SMTP instead.
>
> Yes, well, we people are generally pretty broken. "We have not yet
> seen the adult of the species" .. A.H. Almaas
>
> Marilyn
>
>
>
> >
> >     Nigel.

> >
> >
>
>


--
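
The forwarding case argued over in this thread, as an added example that is not code from any poster or from Exim: a simplified SPF check (only the `ip4`, `ip6` and `all` mechanisms, no DNS) run against a direct delivery, a plain forward, a forward with a rewritten envelope sender, and a forged message. The domains, addresses and SPF records are constructed for illustration.

```python
import ipaddress

# Constructed sample records; domains and documentation-range IPs are hypothetical.
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "federation.example": "v=spf1 ip4:198.51.100.25 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from):
    """Evaluate the envelope sender's SPF record against the connecting IP.

    Simplified subset of SPF: static records instead of DNS, and no
    include/a/mx/redirect handling.
    """
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def deliveries():
    """SPF result as seen by the final recipient's MTA in four scenarios."""
    sender = "alerts@bank.example"
    return {
        "direct": check_spf("192.0.2.10", sender),
        # Forwarder keeps the original envelope sender but connects from its own IP.
        "forwarded_plain": check_spf("198.51.100.25", sender),
        # Forwarder rewrites the envelope sender to its own domain.
        "forwarded_rewritten": check_spf("198.51.100.25", "fwd@federation.example"),
        # Forged envelope sender from an unrelated host.
        "phish_direct": check_spf("203.0.113.66", sender),
    }
```

The plain forward and the forged message both return `fail`, so the receiving MTA cannot tell them apart by SPF alone; only the rewritten envelope sender passes, and it is then checked against the forwarder's record rather than the original sender's.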