spf-discuss
[Top] [All Lists]

Re: first spf-enabled spam

2004-04-13 11:10:57
You are all forgetting that this leaves us with a valid return path and the
ability to shut that system down until it is resolved.  Thus SPF has
achieved its goal.

And if the staff puts their own e-mail in the same SPF-enabled domain as
their widespread user base, they get what they deserve.

On Mon, Apr 12, 2004 at 08:26:11PM +0200, David wrote:
Hi !!

Technically, you're quite correct. Politically and socially, it's a serious
problem. This is a *BIG* issue among my "Internet libertarian" friends. 
They
absolutely do not want their ISP's interfering in any way with their home
connectivity

this is not a matter of interfering the user's connectivity, they are
just saying that any of their users could forge the isp own domain email
addresses, in fact, any zoombie or hacked computer in their cable zone
would be able to forge the isp staff addresses without any problem and
this forgeries will be trusted by other isp's using spf, a totally *BIG*
security hole.

--
Best regards ...

A little inaccuracy sometimes saves tons of explanation.

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david(_at_)ols(_dot_)es
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/spf-draft-200403.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

-- 
Joe Rhett                                                      Chief Geek
JRhett(_at_)Isite(_dot_)Net                                      Isite 
Services, Inc.