Re: [exim] SPF Feature - Walk Received header

Top Page
Delete this message
Reply to this message
Author: Peter Bowyer
Date:  
To: exim users
Subject: Re: [exim] SPF Feature - Walk Received header
On 07/05/2009, Marc Perkel <marc@???> wrote:
>
>
> Peter Bowyer wrote:
> On 07/05/2009, Marc Perkel <marc@???> wrote:


> I'm not currently using SPF but I thought of a feature that mught make

SPF
> useful. If there were a test that checked all the received lines
> and

returned true if any host matched the SPF record it might eliminate
> the

forwarding issue that SPF breaks.

> That would leave a gaping barn-door-sized hole in SPF - a forger could

look
> up the SPF record for the domain he was forging, and add a forged

Received
> header claiming the message had been originated correctly.


I guess you
> could apply this rule to a small whitelist of trusted

forwarders, though.
> But those people should be using SPF/SRS

themselves (mine do).

Peter


>
> Granted that a spammer could forge received headers. Most don't.


Eh? Have you looked at many spam samples lately? Or in the last 10 years?

> I'm
> thinking that not bouncing forwarded email is better than the few spammers
> who sneak through.


Not spammers - forgers. Providing a way to defeat an anti-forgery
mechanism wouldn't be my choice. But hey, if that's what you want....


--
Peter Bowyer
Email: peter@???
Follow me on Twitter: twitter.com/peeebeee