ietf-mxcomp

Time-Limited "testing" attributes -> was RE: Can you ever reject mail based on RFC2821 MAIL FROM?

2004-04-28 21:47:34

On a related note, I mentioned this to Meng as well.

This "testing" attribute has been exploited by SPF compliant spammers
and/or spammers knowing the existence of "relaxed" SPF/CEP records and using
these DOMAINS over others. All a spammer needs to do is "google"
Receive-SPF and they will find the "neutral" and "softfail" records, pretty
much in the same way a SPAMMER will collect the recent entries into an RBL
database and exploit the idea that it will take X days before the open
relays/proxies are closed by the system admin.

Let's close current loopholes by introducing new ones.

I highly suggest that the documentation make it very clear that "testing"
attributes are time-limited options, designed for preferably short
migration periods. In addition, I suggest a statement be added alluding to
the probability that a system implementation will catch on to this exploit and will
add its own "time limited" caching. In other words, a system might record
the first usage of these "testing" records and then put an expiration and/or
counter time on its repeated usage.

Neither you nor Meng can stop us from implementing this sort of "derivative"
logic in our receiver system that compensates for the "holes" in the current
functional specification.

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com



----- Original Message ----- 
From: "Harry Katz" <hkatz(_at_)exchange(_dot_)microsoft(_dot_)com>
To: "Matt Sergeant" <msergeant(_at_)startechgroup(_dot_)co(_dot_)uk>; 
<ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Wednesday, April 28, 2004 8:05 PM
Subject: RE: RE: RE: Can you ever reject mail based on RFC2821 MAIL FROM?



 > -----Original Message-----
From: Matt Sergeant [mailto:msergeant(_at_)startechgroup(_dot_)co(_dot_)uk]
Sent: Wednesday, April 28, 2004 3:51 PM
To: Harry Katz
Cc: Hallam-Baker, Phillip; Jon Kyme; ietf-mxcomp(_at_)imc(_dot_)org
Subject: RE: RE: RE: Can you ever reject mail based on
RFC2821 MAIL FROM?

[snip]

This is one of the major things I found missing from
Caller-ID - the equivalent to SPF's "~all". Any MARID system
will have to encode this fuzziness, IMHO.

Ironically it was Microsoft's own records that made it clear
this was vital, with many FPs occurring as soon as we started
playing. :-)

Agreed, this is missing from Caller ID and needs to be added.

However, Microsoft's Caller ID record does have the "testing" attribute
set, so hopefully you weren't rejecting any of our mail.  :-)
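
The receiver-side "time limited" caching proposed at the top of this message, sketched as an added example (not code from the thread or from any SPF implementation): the first relaxed result seen for a domain starts a clock and a counter, and once either limit is passed the receiver treats further relaxed results as "fail". The class name, the 30-day window and the 1000-message limit are assumptions chosen for illustration.

```python
# Added illustration: receiver-local policy layered on top of an SPF check.
# RelaxedRecordTracker, GRACE_SECONDS and MAX_HITS are hypothetical names/values.

GRACE_SECONDS = 30 * 24 * 3600   # assumed migration window granted to a domain
MAX_HITS = 1000                  # assumed cap on mail accepted under a relaxed result
RELAXED = {"softfail", "neutral"}  # the relaxed results named in the message


class RelaxedRecordTracker:
    def __init__(self, grace_seconds=GRACE_SECONDS, max_hits=MAX_HITS):
        self.grace_seconds = grace_seconds
        self.max_hits = max_hits
        self._seen = {}  # domain -> [first_seen_epoch, hit_count]

    def evaluate(self, domain, spf_result, now):
        """Return the result the receiver acts on for this message."""
        if spf_result not in RELAXED:
            return spf_result  # pass/fail/etc. are left untouched
        key = domain.lower().rstrip(".")
        entry = self._seen.setdefault(key, [now, 0])  # record first usage
        entry[1] += 1
        expired = now - entry[0] > self.grace_seconds
        over_limit = entry[1] > self.max_hits
        # After the window or the counter runs out, relaxed means fail locally.
        return "fail" if expired or over_limit else spf_result


def replay(events, tracker):
    """Run (epoch, domain, spf_result) tuples through the tracker in order."""
    return [tracker.evaluate(d, r, t) for t, d, r in events]


if __name__ == "__main__":
    day = 24 * 3600
    # Constructed sample events, not taken from real mail logs.
    sample = [
        (0, "example.org", "softfail"),
        (10 * day, "example.org", "softfail"),
        (31 * day, "example.org", "softfail"),    # past the 30-day window
        (31 * day, "example.net", "neutral"),     # first sighting, clock starts
    ]
    print(replay(sample, RelaxedRecordTracker()))
```

The tracker never resets a domain's clock on a "pass", since a pass from an authorised host says nothing about whether the relaxed default was removed from the record.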