
Re: [Asrg] misconception in SPF

2012-12-09 17:39:15
> There is no way for the owner of the overlying domain (who also owns
> the subdomain) to force such email to FAIL.  There should be a way to
> specify "all valid email from this domain and subdomains comes only
> from this set of IPs and no others" and SPF fails to provide one.
> That's a weakness in the structure of SPF which ought to be fixed.

There is! You have to publish your sending IPs and also your
non-sending IPs/hosts/subdomains.


> I'm with Martijn.  Other than the test message you sent the other day,
> I don't think I have ever seen a phish that used a subdomain of the
> target.  Ever.

...so the "vulnerability" exists! Maybe spammers don't know it yet!
Don't you believe that a phish with these characteristics could be
worse than others?

At my institution I have told my users to check mail headers whenever
possible. They are physicists ... the ones who invented the www some
time ago, so they have some skill level to do it. I always told them: do
not believe what you see in the From:; also check the envelope and
any hop in between! ...but what will I tell them when they see
mails "coming" from a subdomain of the real domain that the mail
claims to be from, and no checks failed?
I personally think this kind of phishing is worse than the common ones!

For the ones that said we are treating SPF as the FUSSP or the best
solution... the answer is no! I use SMTP-level client checks, HELO
checks, sender checks, recipient checks, rate limits, SPF, DKIM,
greylists, SpamAssassin, etc. SPF is only one of them, and it is the one
about which we are now discussing a misconception, misunderstanding, or
whatever you prefer to call it. We can also discuss any of the other
methods.
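The two points above (SPF is checked against the exact envelope-sender domain, so a subdomain with no record of its own gets no policy, and the fix is to publish records for the non-sending subdomains too) can be seen with a small toy evaluator. This is an added example, not code from the list or from any SPF implementation; example.com, the subdomain names and every address are constructed, and only the ip4 and all mechanisms are modelled.

```python
import ipaddress

# Constructed zones (example.com and all addresses are made up). A name maps to
# its record types. lab.example.com exists (it has an A record) but never sends
# mail; a DNS wildcard matches only names that do not exist, so it cannot cover it.
ZONE_BEFORE = {
    "example.com":     {"TXT": "v=spf1 ip4:192.0.2.0/24 -all"},
    "lab.example.com": {"A": "198.51.100.7"},
}
ZONE_WILDCARD_ONLY = {**ZONE_BEFORE, "*.example.com": {"TXT": "v=spf1 -all"}}
ZONE_AFTER = {**ZONE_WILDCARD_ONLY,
              "lab.example.com": {"A": "198.51.100.7", "TXT": "v=spf1 -all"}}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup_txt(zone, name):
    """TXT record for name; a one-level wildcard applies only if name does not exist."""
    if name in zone:
        return zone[name].get("TXT")
    wildcard = zone.get("*." + name.partition(".")[2])
    return wildcard.get("TXT") if wildcard else None

def check_spf(zone, sender_domain, client_ip):
    """Toy SPF check on the exact MAIL FROM domain (ip4 and all mechanisms only);
    nothing is inherited from the parent domain, which is the point of the thread."""
    record = lookup_txt(zone, sender_domain)
    if record is None:
        return "none"  # no policy published, so the receiver has nothing to enforce
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue  # include/redirect/a/mx are not modelled here
        if matched:
            return RESULT[qualifier]
    return "neutral"

def subdomain_results(outside_ip="203.0.113.5"):
    """Result for mail claiming a subdomain sender from an IP outside the range."""
    return {
        "before/lab":        check_spf(ZONE_BEFORE, "lab.example.com", outside_ip),
        "wildcard-only/lab": check_spf(ZONE_WILDCARD_ONLY, "lab.example.com", outside_ip),
        "wildcard-only/new": check_spf(ZONE_WILDCARD_ONLY, "new.example.com", outside_ip),
        "after/lab":         check_spf(ZONE_AFTER, "lab.example.com", outside_ip),
    }
```

Note that a wildcard TXT alone only closes the gap for names that do not exist in DNS; every existing non-sending host needs its own `v=spf1 -all` record.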
