Re: [exim] SPF Feature - Walk Received header

Top Page
This message is part of the following thread:
M+-\the complete thread tree sorted by date
MM.MMarc Perkel at <-
.M\Jethro R Binks at ->
Delete this message
Reply to this message
Author: Peter Bowyer
Date:  
To: exim users
Subject: Re: [exim] SPF Feature - Walk Received header
On 07/05/2009, Marc Perkel <marc@???> wrote:
>
>
> Peter Bowyer wrote:
> On 07/05/2009, Marc Perkel <marc@???> wrote:

> I'm not currently using SPF but I thought of a feature that mught make
SPF
> useful. If there were a test that checked all the received lines
> and
returned true if any host matched the SPF record it might eliminate
> the
forwarding issue that SPF breaks.

> That would leave a gaping barn-door-sized hole in SPF - a forger could
look
> up the SPF record for the domain he was forging, and add a forged
Received
> header claiming the message had been originated correctly.

I guess you
> could apply this rule to a small whitelist of trusted
forwarders, though.
> But those people should be using SPF/SRS
themselves (mine do).

Peter


>
> Granted that a spammer could forge received headers. Most don't.

Eh? Have you looked at many spam samples lately? Or in the last 10 years?

> I'm
> thinking that not bouncing forwarded email is better than the few spammers
> who sneak through.

Not spammers - forgers. Providing a way to defeat an anti-forgery
mechanism wouldn't be my choice. But hey, if that's what you want....


--
Peter Bowyer
Email: peter@???
Follow me on Twitter: twitter.com/peeebeee

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] SPF Feature - Walk Received headerRe: [exim] SPF Feature - Walk Received header->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)