On Thu, 2004-06-03 at 15:54, Ryan Malayter wrote:
> Unless I'm missing something, a message with these properties:
> ENVELOPE-SENDER: someguy(_at_)phisher(_dot_)com (no RFROM)
> RFC-2822 From: Operations(_at_)FirstNationalBank(_dot_)com
> RFC-2822 Sender: someguy(_at_)phisher(_dot_)com
> will pass under the new SPF, assuming phisher.com has valid SPF records.
> The responsible sender will be evaluated as phisher.com. The message
> will display in many MUAs as something like:
> From: someguy(_at_)phisher(_dot_)com on behalf of
> Operations(_at_)FirstNationalBank(_dot_)com
> My mother could be fooled by this, thinking phisher.com was somehow
> associated with her bank.
Especially if 'someguy(_at_)phisher(_dot_)com' looks legitimately associated with
the emulated entity, something like:
From: dtrammell(_at_)FNB-CustomerService(_dot_)com on behalf of
Operations(_at_)FirstNationalBank(_dot_)com
--
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.
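The header combination discussed in this thread, as an added example that is not part of the original message or of any SPF implementation: a small Python checker that evaluates the "responsible sender" identity the post describes (Sender: if present, otherwise From:) against a constructed stand-in for SPF records, and then reports whether the domain that passed is the same domain the MUA will show in From:. A pass on the Sender: domain combined with a From: domain that was never checked is exactly the case the post worries about. All domains, addresses, IPs and the policy table are constructed placeholders, not real data.

```python
"""Added illustration: SPF pass on the responsible sender vs. the From: domain.

Not code from the spf-discuss post. The SPF lookup is simulated with a
constructed table so the example runs offline; real SPF evaluates DNS TXT
records and many mechanisms, none of which matter for the point shown here.
"""
import email
from email import policy
from email.utils import parseaddr

# Constructed stand-in for DNS SPF records: domain -> IPs allowed to send.
CONSTRUCTED_SPF_POLICY = {
    "phisher.example": {"203.0.113.10"},
    "fnb-customerservice.example": {"203.0.113.10"},
    "firstnationalbank.example": {"198.51.100.5"},
}

# Constructed message matching the post: Sender: is the phisher, From: is the bank.
CONSTRUCTED_SAMPLE = """\
From: Operations@firstnationalbank.example
Sender: someguy@phisher.example
Subject: Please confirm your account
Content-Type: text/plain

(constructed body)
"""

# Constructed variant with a look-alike Sender: domain, as in the reply.
CONSTRUCTED_LOOKALIKE = CONSTRUCTED_SAMPLE.replace(
    "someguy@phisher.example", "dtrammell@fnb-customerservice.example")

# Constructed legitimate message: no Sender:, From: is the bank itself.
CONSTRUCTED_LEGIT = """\
From: Operations@firstnationalbank.example
Subject: Statement available
Content-Type: text/plain

(constructed body)
"""


def domain_of(header_value):
    """Lower-cased domain part of an address header, or None if absent."""
    _, addr = parseaddr(str(header_value or ""))
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def responsible_sender(msg):
    """The identity the post says is checked: Sender: if present, else From:."""
    return domain_of(msg["Sender"]) or domain_of(msg["From"])


def spf_check(domain, client_ip):
    """Toy SPF evaluation against the constructed table (no DNS involved)."""
    if domain is None or domain not in CONSTRUCTED_SPF_POLICY:
        return "none"
    return "pass" if client_ip in CONSTRUCTED_SPF_POLICY[domain] else "fail"


def analyze(raw_message, client_ip):
    """Evaluate SPF on the responsible sender and compare it with From:.

    'aligned' is False whenever the domain that passed SPF is not the domain
    the user will see in From:, which is the gap the post describes.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    checked = responsible_sender(msg)
    from_domain = domain_of(msg["From"])
    result = spf_check(checked, client_ip)
    return {
        "spf_identity": checked,
        "spf_result": result,
        "from_domain": from_domain,
        "aligned": checked == from_domain,
        # Defensive verdict: a pass only counts if it covers the From: domain.
        "trust_from_header": result == "pass" and checked == from_domain,
    }


if __name__ == "__main__":
    for label, raw in (("phisher", CONSTRUCTED_SAMPLE),
                       ("lookalike", CONSTRUCTED_LOOKALIKE),
                       ("legit", CONSTRUCTED_LEGIT)):
        print(label, analyze(raw, "203.0.113.10"))
    print("legit from bank MTA", analyze(CONSTRUCTED_LEGIT, "198.51.100.5"))
```

Running it shows both the plain and the look-alike variant returning `spf_result: pass` with `aligned: False`, while only the bank's own message from the bank's own IP yields `trust_from_header: True`. The look-alike domain changes nothing for the check; it only changes what a human reads, which is the reply's point.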
-------
Sender Policy Framework: http://spf.pobox.com/
The Inbox Event at the Marriott San Jose features SPF.
June 2: Email Accountability Symposium (free)
June 3: SPF Strategy BOF (free) where industry will coordinate deployment timeline
Times: 6:30pm - 8pm, both sessions. http://www.inboxevent.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com