Meng Weng Wong wrote:

> No, I expect the bounce address to always be MAIL FROM.
> I expect the subject of SPF checking to be SUBMITTER if it
> is present, and MAIL FROM if it is not.

Let's see, I'm a spammer and have several hundreds of cheap
domains and thousands of spamcast zombies. Today I would
point one of my domains to the IP where I host redirections
to my spamvertized pages, and then let my zombies send spam

    MAIL FROM:<forged@xyzzy> From:<forged@xyzzy> Subject: Viagra

With classic SPF this will FAIL, no spamcast IP is allowed
to use a forged@xyzzy address. Therefore I'm forced to use
other addresses.

With Sender-Id I'd also use one of my cheap domains per spam
run (to be burnt with SURBL) _and_ add a sender policy for it:

    cast.example TXT "v=spf1 +exists:%{ir}.cast.blackholes.us -all"

Then I let my spamcast zombies fire:

    MAIL FROM:<forged@xyzzy> SUBMITTER=spam@cast.example
    From: forged@xyzzy
    Sender: spam@cast.example
    Subject: Viagra

Sent from any spamcast zombie this should pass a Sender-Id test,
and therefore it's not necessarily rejected immediately by the
MX of the recipient. If it's bounced later it would go to
forged@xyzzy.

In
<3CA474173FC0274799F97F3AB3BD25EE1A781A@ltwd-svr2.lightwood.com.au>
Terje wrote:

| You seem to be giving up one of the prime benefits of SPF
| classic

That's also my impression.

You answered in <20040728194534.GO16317@dumbo.pobox.com>:

| If SUBMITTER does not appear on your whitelist, then you can
| reject the message even if the SPF check passes.

What's this "whitelist" used with a SUBMITTER? In my example
the throw-away domain cast.example isn't on any "whitelist", it
only exists for a single spam run of 10 million spam mails, the
same idea as today with spamvertized domains.

Bye, Frank
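
The two checks discussed in this message, modelled from the receiving MX's side as an added example (not code from the thread or from any SPF implementation). `check_host` is a deliberately small subset of SPF (`ip4`, `exists` with `%{ir}`, `all`); the IP addresses, the `DNS_A` lookup table and the policy for xyzzy are constructed, and `bounce_unprotected` is a hypothetical flag name.

```python
import ipaddress

# Constructed data: published policies and a stand-in for DNS A lookups.
SPF = {
    "xyzzy": "v=spf1 ip4:192.0.2.0/24 -all",                         # forged domain
    "cast.example": "v=spf1 +exists:%{ir}.cast.blackholes.us -all",  # throw-away domain
}
DNS_A = {"7.100.51.198.cast.blackholes.us"}  # names that resolve (zombie 198.51.100.7)
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain):
    """Tiny SPF subset: ip4, exists with %{ir}, all."""
    record = SPF.get(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    reversed_ip = ".".join(reversed(ip.split(".")))   # %{ir} for IPv4
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            hit = True
        elif mech.startswith("ip4:"):
            hit = addr in ipaddress.ip_network(mech[4:])
        elif mech.startswith("exists:"):
            hit = mech[7:].replace("%{ir}", reversed_ip) in DNS_A
        else:
            continue                                  # mechanism outside this subset
        if hit:
            return RESULTS[qualifier]
    return "neutral"

def domain_of(address):
    return address.rsplit("@", 1)[1].lower()

def evaluate(ip, mail_from, submitter=None):
    """Compare the verdicts discussed in the thread for one SMTP transaction."""
    classic = check_host(ip, domain_of(mail_from))
    checked = submitter or mail_from      # SUBMITTER if present, else MAIL FROM
    sender_id = check_host(ip, domain_of(checked))
    return {
        "classic_spf": classic,
        "sender_id": sender_id,
        "checked_identity": checked,
        "bounce_to": mail_from,           # bounces always go to MAIL FROM
        # Receiver-side flag: a pass that does not cover the bounce address.
        "bounce_unprotected": sender_id == "pass" and classic != "pass",
    }
```

A receiver that logs `bounce_unprotected` alongside the SUBMITTER verdict can see when a pass was earned by an identity other than the one a later bounce would be sent to.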