spf-discuss
[Top] [All Lists]

RE: first spf-enabled spam

2004-04-13 13:02:00
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com 
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of David
Sent: April 13, 2004 3:31 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] first spf-enabled spam

that's what we were doing, but we relized that there is
people publishing spf records that allow a entire hackeable 
dsl/cable zone to send mail from a given domain, regardless 
of the real existence of a real mailer in such this computers.

And if said cable ISP allows only their own servers in the 
SPF record, 
then someone can hack those DSL/cable computers, and then 
connect from 
there to the ISP's SMTP server and still spoof the cable 
ISP's domain.

well, it's suposed that the isp own servers require at least 
smtp auth and by now i never seen any spam comming from a 
hacked computer that used smtp auth.


 No way to
avoid that unless the ISP requires SMTP AUTH (which is rare),

rare ? well, here in spain what is rare is that any isp does 
not use smpt auth.

Perhaps you should come to North America, then. I've only heard of ONE ISP
requiring SMTP AUTH from its subscribers, and that ISP requires it only to
relay mail that doesn't have a from @theirdomain.com. It's a setup that was
put in after @Home died (so a brand new mail infrastructure less than three
years ago), and I think they tried requiring SMTP AUTH for a week or two and
had ALL kinds of trouble with older MUAs, so they gave up. 

With the ISPs I've done business with (including commercial ISPs, small and
large, and educational institutions), the old "relay mail from your local
netblock" without authentication model is VERY much alive. 

and even then,
a clever hacker could probably obtain the hacked person's 
login info 
somehow...

i think it's not possible for a virus to get the 
username/password from the hacked computer.

It used not to be possible to get a virus from clicking on an email,
either...