ietf-asrg

Re: [Asrg] antiphishing idea

2011-11-18 08:32:32
SPF checks against envelope MAIL FROM: ...users don't even know that
this thing exists! They blindly trust the mail header From:
How would a relay attack work? Evils don't know every random message-id
of a mail server's legit mail. Are they going to query "every" random
string? ...Now you can query what you want on a DNS server... what is
the difference?

Sorry, I meant rePlay attack. You get hold of one 'valid' message-id and use 
that for all your phishing messages.

Sorry, I meant both of them! You are obviously going to get the
validation from the evil domain but you also need one from the phished
domain. The last one is only true if the mail was sent by paypal.com

So if I were to use Gmail to send mail on behalf of an example.com, a domain 
which I hypothetically have an email address at (something which has worked 
well for years), I'd have to validate the message ID of every email I want to 
send at example.com?

Martijn.

Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
