hello list,
i got a piece of email today which gave me a bit of a problem. it
may be entirely irrelevant since i don't know everything about the
various SMTP RFCs, but here's my concern. what if a spammer forges the
beginning portion of a mail route. for example, can a spammer send an
email to me and claim to be relaying it for some other entity (like ebay
for example) even though the mail didn't originate at ebay?
for a concrete example, check out the trimmed headers below. can the
host at charterwv.net create an email and fake a header (2) and then
pretend it's relaying for that domain (1)? my concern is that an SPF
lookup checks the sender's domain, but not the relay's. if so, is this
an issue that is addressed or can be addressed with SPF?
thanks,
twkonefal
--
Tomasz Konefal
Systems Administrator
Command Post and Transfer Corp.
416-585-9995 x.349
--snip--
From - Fri Feb 20 09:22:47 2004
X-UIDL: 29cd63a4641c02cff0462b2b3c505c1f
X-Apparently-To: twkonefal(_at_)XXXXXXX(_dot_)XX via 216.136.172.210; Fri, 20 Feb
2004 04:36:04 -0800
Return-Path: <service(_at_)ebay(_dot_)com>
(1) Received: from 68.187.223.20 (HELO
ip-wv-68-187-223-020.charterwv.net) (68.187.223.20)
by mta139.mail.scd.yahoo.com with SMTP; Fri, 20 Feb 2004 04:35:53 -0800
(2) Received: from ebay.com (data.ebay.com [66.135.195.180])
by ip-wv-68-187-223-020.charterwv.net (Postfix) with ESMTP id 89EFC8DC45
for <twkonefal(_at_)XXXXXXX(_dot_)XX>; Fri, 20 Feb 2004 06:35:55 -0600
From: eBay Service <service(_at_)ebay(_dot_)com>
To: Twkonefal <twkonefal(_at_)XXXXXXX(_dot_)XX>
Subject: Ebay Account Update
Date: Fri, 20 Feb 2004 06:35:55 -0600
Message-ID: <101001c3f7ae$86f48d5d$8b8b4a75(_at_)ebay(_dot_)com>
--snip--