On Fri, Jan 30, 2004 at 07:24:54AM -0500, Mark Shewmaker wrote:
Then if someone forges mail from their own IP address:
o The spf tests for mail froms of "user(_at_)example(_dot_)com" return FAIL.
But this would not give any additional benefits to the worm writers.
What is most likely that they would do (assuming that SPF or something
like that becomes widely used) is just to determine that the computer
belongs to example.com, and just forge the user's name - sending out
mail from bill(_at_)example(_dot_)com, bob(_at_)example(_dot_)com,
joe(_at_)example(_dot_)com and so on.
This is really irrelevant to SPF as such - there is nothing it can do
to prevent this, but I am just pointing this out as the most likely
reaction by the worm authors.
--
Fridrik Skulason Frisk Software International phone: +354-540-7400
Author of F-PROT E-mail: frisk(_at_)f-prot(_dot_)com fax:
+354-540-7401
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡