spf-discuss
[Top] [All Lists]

Re: A couple of thoughts

2004-02-13 11:37:21
On 13 Feb 2004, at 16:24, Brian Candler wrote:

On Fri, Feb 13, 2004 at 09:57:11AM -0600, wayne wrote:
(1) If the SPF proposal is widely adopted, I'd expect spammers just to start
sending spams with null envelope senders, i.e.

  MAIL FROM:<>
  RCPT TO:<me(_at_)mydomain(_dot_)com>

This doesn't help the spammer at all.  If the envelope-from is null,
then SPF uses the HELO domain because the HELO domain is sending the
bounce.  All the spammer has done is moved the requirement from one
spot to another.

I see. But presumably the spammer will use
    HELO dsl-192-0-2-35.someisp.net      # real reverse DNS
or
HELO myisp.com # any domain hosted at this ISP

in which case presumably SPF will allow it?

Only if the ISP's mail server is an open proxy or if the ISP has designated its customer's machines as allowed mailers.

Matt.


________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________


<Prev in Thread] Current Thread [Next in Thread>