spf-discuss

RE: Maybe simple question

2003-12-15 08:52:00
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Ask Bjorn Hansen
Sent: Monday, December 15, 2003 5:01 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Maybe simple question

On Dec 14, 2003, at 8:44 AM, Edward Ned Harvey wrote:

> If I add +include:aol.com or +include:rcn.com to my spf records, thus
> allowing *anybody* to spoof my address who uses rcn or aol, there are
> millions of people capable of forging my address.

Which is a lot fewer than can do so now!  And if someone using one of
those ISPs decides to spoof your address you are much better off than
you are now when random-spammer spoofs your address as you already have
a relationship with $ISP being a customer there.

Ok, consider this:

Pretend I'm a spammer.  I have a list of 120 million people's email
addresses.  I have a high speed connection in some city somewhere.  Let's
just say my ISP is isp.net.

If I go down the list of email addresses, there are 20 million unique
domains.  So all I have to do is find a domain whose spf records allow the
person to send mail from *my* isp.  Suppose the victim's email address is
honestjoe(_at_)isp(_dot_)net.

Presto.  I can forge Joe's email address as much as I want, and spf will
tell the victims that it's really Joe sending the spam.

No matter what you do with SPF, the spammer will always succeed in this
method.

Poor Joe can't do anything about it.  Consider his options:

1- If he's technically savvy, he receives a flood of bounce messages and
figures somebody must be hijacking his email address, so he reports the
incident to isp.net.  Isp.net can probably stop the messages now.  But they
won't catch the spammer, because the spammer won't use his own isp or his
own account for the attack -- the spammer will always hijack somebody else's
computer for that purpose.  Meanwhile, 100 million spams have already been
delivered.

2- Joe can take isp.net out of his dns records, but then poor Joe can't send
email from isp.net.  What's more, 100 million spams have already been
delivered, and the dns changes won't propagate fast enough to stop the rest
anyway.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
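
The situation this message describes, as an added example that is not part of the original post: a simplified SPF evaluator (only ip4, include and all) run over constructed records, showing that an include of the ISP makes every address in the ISP's ranges return pass for the including domain, and how a domain owner can count what a record authorizes. The domains joe.example and isp.example and their address ranges are made-up stand-ins for Joe's domain and isp.net.

```python
import ipaddress

# Constructed SPF records standing in for DNS TXT lookups (not real data).
RECORDS = {
    "joe.example": "v=spf1 ip4:192.0.2.10 +include:isp.example -all",
    "isp.example": "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.0/25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def terms(domain):
    """Yield (result, mechanism, argument) for each term of a domain's record."""
    record = RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        yield QUALIFIERS[qualifier], name.lower(), arg

def check_host(ip, domain, depth=0):
    """Simplified SPF check: first matching mechanism decides the result."""
    if domain not in RECORDS:
        return "none"
    if depth > 10:  # guard against include loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for result, name, arg in terms(domain):
        if name == "all":
            return result
        if name == "ip4" and addr in ipaddress.ip_network(arg, strict=False):
            return result
        # include matches only when the included domain's check returns pass
        if name == "include" and check_host(ip, arg, depth + 1) == "pass":
            return result
    return "neutral"

def authorized_networks(domain, depth=0):
    """Upper bound on the ip4 networks that get 'pass', following includes."""
    nets = []
    for result, name, arg in terms(domain):
        if result != "pass" or depth > 10:
            continue
        if name == "ip4":
            nets.append(ipaddress.ip_network(arg, strict=False))
        elif name == "include":
            nets.extend(authorized_networks(arg, depth + 1))
    return list(ipaddress.collapse_addresses(nets))

def authorized_count(domain):
    return sum(n.num_addresses for n in authorized_networks(domain))
```

Without the include, joe.example authorizes one address; with it, every customer address inside isp.example's ranges evaluates to pass for mail claiming to be from joe.example.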