ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Re: SPF abused by spammers

2004-09-18 00:54:04
from [Peter J. Holzer] [Permanent Link] 
On 2004-09-15 01:51:17 +0200, Markus Stumpf wrote:

On Wed, Sep 15, 2004 at 12:20:13AM +0200, Peter J. Holzer wrote:

Why should they? No legitimate user would want to send mail as
johndoe(_at_)ABordeaux-251-2-10-162(_dot_)w82-125(_dot_)abo(_dot_)wanadoo(_dot_)fr,
 because he will
never be able receive an answer (assuming that this is an address in a
dynamic address pool). The legitimate user will send want to send mail
as johndoe(_at_)wanadoo(_dot_)fr, or maybe 
johndoe(_at_)bordeaux(_dot_)wanadoo(_dot_)fr(_dot_)


Not quite right.
There is a big difference between 2821.MAILFROM and 2822.From. I can
fake the 2821.MAILFROM and use my correct 2822.From and everybody will
be able to answer using a MUA.


Yes, but which MUA used by "normal" users does this? My point was that
ISPs wouldn't post such SPF records because such records are of no use
to (almost all) their legitimate users (Only work/cost for the provider,
but no benefit).



This allows to domain owner to prevent forgeries (or rather, allows the
domain owner to publish information which will allow the recipient to
recognize the forgery easily), which will reduce bounces and misguided
complaints.


And they all will have to learn that it is not sufficient to add SPF
records to the domain only.
What will happen (as per SPF) with emails sent with a sender address
    user(_at_)www(_dot_)your_domain
or how about
    user(_at_)vishna(_dot_)your_domain


Nothing. There are no mail addresses of this form. Every mail to will
either bounce with "Connection refused" or "550 no such user".



The really funny thing is that - as www.your_domain is a CNAME -
you cannot even add a SPF record for www.your_domain, as CNAMEs does not
allow other RRs for the same LHS.


I could change the CNAME to an A record, or I could add the SPF record
to asherah.my_other_domain. I just don't see the need.


So you cannot prevent forgery with SOF abusing www.your_domain.


I don't need to. 

        hp

-- 
   _  | Peter J. Holzer    | Je höher der Norden, desto weniger wird
|_|_) | Sysadmin WSR       | überhaupt gesprochen, also auch kein Dialekt.
| |   | hjp(_at_)hjp(_dot_)at         | Hallig Gröde ist fast gänzlich 
dialektfrei.
__/   | http://www.hjp.at/ |   -- Hannes Petersen in desd

Attachment: pgpOemPPR8GEg.pgp
Description: PGP signature

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] Filtering spam by detecting 'anti-Bayesian' elements?, Laird Breyer
Next by Date:  RE: [Asrg] Filtering spam by detecting 'anti-Bayesian' elements?, Brian Azzopardi
Previous by Thread:  Re: [Asrg] Re: SPF abused by spammers, David Wilson
Next by Thread:  Re: [Asrg] Re: SPF abused by spammers, Barry Shein
Indexes:  [Date] [Thread] [Top] [All Lists]