ietf-mxcomp
[Top] [All Lists]

Re: alternate submitter syntax

2004-07-29 13:55:23

Meng Weng Wong wrote:

No, I expect the bounce address to always be MAIL FROM.

I expect the subject of SPF checking to be SUBMITTER if it
is present, and MAIL FROM if it is not.

Let's see, I'm a spammer and have several hundreds of cheap
domains and thousands of spamcast zombies.  Today I would
point one of my domains to the IP where I host redirections
to my spamvertized pages, and then let my zombies send spam
MAIL FROM:<forged(_at_)xyzzy> From:<forged(_at_)xyzzy> Subject: Viagra

With classic SPF this will FAIL, no spamcast IP is allowed
to use a forged(_at_)xyzzy address.  Therefore I'm forced to use
other addresses.

With Sender-Id I'd also use one of my cheap domains per spam
run (to be burnt with SURBL) _and_ add a sender policy for it:

cast.example TXT "v=spf1 +exists:{ir}.cast.blackholes.us -all"

Then I let my spamcast zombies fire:

MAIL FROM:<forged(_at_)xyzzy> SUBMITTER=spam(_at_)cast(_dot_)example
From: forged(_at_)xyzzy
Sender: spam(_at_)cast(_dot_)example
Subject: Viagra

Sent from any spamcast zombie this should pass a Sender-Id test,
and therefore it's not necessarily rejected immediately by the
MX of the recipient.  If it's bounced later it would go to
forged(_at_)xyzzy(_dot_)

In 
<3CA474173FC0274799F97F3AB3BD25EE1A781A(_at_)ltwd-svr2(_dot_)lightwood(_dot_)com(_dot_)au>
Terje wrote:

| You seem to be giving up one of the prime benefits of SPF
| classic

That's also my impression.

You answered in <20040728194534(_dot_)GO16317(_at_)dumbo(_dot_)pobox(_dot_)com>:

| If SUBMITTER does not appear on your whitelist, then you can
| reject the message even if the SPF check passes.

What's this "whitelist" used with a SUBMITTER ?  In my example
the throw-away domain cast.example isn't on any "whitelist", it
only exists for a single spam run of 10 million spam mails, the
same idea as today with spamvertized domains.

                        Bye, Frank



<Prev in Thread] Current Thread [Next in Thread>