Fridrik Skulason [mailto:frisk(_at_)f-prot(_dot_)com] wrote:
> Then if someone forges mail from their own IP address:
>
> o The spf tests for mail froms of "user(_at_)example(_dot_)com" return FAIL.
>
> But this would not give any additional benefits to the worm writers.
>
> What is most likely that they would do (assuming that SPF or something
> like that becomes widely used) is just to determine that the computer
> belongs to example.com, and just forge the user's name - sending out
> mail from bill(_at_)example(_dot_)com, bob(_at_)example(_dot_)com,
> joe(_at_)example(_dot_)com and so on.
>
> This is really irrelevant to SPF as such - there is nothing it can do
> to prevent this, but I am just pointing this out as the most likely
> reaction by the worm authors.

Yes, in fact SPF does prevent this! The worm could attempt to send mail out
as bill, bob or joe(_at_)example(_dot_)com and when the receiving MTA did its
own SPF check, it would see that the computer that was spreading the worm was
not authorized to send email on behalf of example.com. Example.com is not going
to set up an SPF record that allows every one of their users' computers to
send email on their domain's behalf....

Marc
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
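
Added example (not part of the original message or of any SPF implementation): a Python sketch of the receiving-MTA check described in the reply above, limited to the `ip4`, `ip6` and `all` mechanisms so it runs offline. The published record, the 192.0.2.x addresses and the helper below are constructed for illustration.

```python
import ipaddress

# Constructed sample data: example.com lists only its two outbound relays.
# User desktops (e.g. 192.0.2.140) are deliberately not in the record.
SPF_RECORDS = {"example.com": "v=spf1 ip4:192.0.2.25 ip4:192.0.2.26 -all"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate the sender domain's SPF record against the connecting IP."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None:
        return "none"                      # domain publishes no policy
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "permerror"             # mechanism outside this subset
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        if net.version != int(name[2]):
            return "permerror"             # e.g. an IPv6 range under ip4:
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all"


if __name__ == "__main__":
    # The local part never enters the decision: only the IP and domain do.
    for ip in ("192.0.2.25", "192.0.2.140"):
        for user in ("bill", "bob", "joe"):
            sender = f"{user}@example.com"
            print(ip, sender, check_host(ip, sender))
```

The result changes only if the domain's record covers the desktop range: a record such as `ip4:192.0.2.0/24` would return `pass` for the infected machine, which is why the policy should list mail relays only.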