spf-discuss

Re: Re: SUBMITTER is a bad idea

2004-06-05 03:32:50
On Sat, Jun 05, 2004 at 09:10:51AM +0200, Frank Ellermann wrote:

>> 4) Recipients always use the leftmost field of MAIL FROM:
>>    to do the SPF check.  This is always the current sender.
> [...]
>> 6) Bounces are sent directly to the originating address
>>    (the rightmost field in MAIL FROM:).
>
> Sorry, but I don't get it.  My problem is numerous bounces
> sent to forged MAIL FROM:<nonsense@xyzzy>.  With v=spf1 I (or
> rather my ISP) can solve this problem by defining IPs allowed
> to send mail from any xyzzy address.  The recipients detect
> and reject fakes immediately => no more bounce, problem solved.

Works because you know xyzzy did not allow mail to come from
that address.  The address is spoofed, and you know it.

> Now your idea allows one to create a domain spam.example.net with
> "v=spf1 +all" and MAIL FROM:<@spam.example.net:nonsense@xyzzy>

Now you know the spammer's domain: spam.example.net; this is not
a forgery so SPF _does_ allow it to enter.  That does _not_ mean
you want to talk to spam.example.net, it just means you have
verified the domain.  Now implement a black list for spam.example.net
and you still reject the message.

This black list works _because_ you have verified the sender.

The spammer has two options:

1) lie through their teeth -> you reject, due to spoofing
2) speak the truth         -> you reject, due to blacklisting

HTH
Alex
-- 
I ask you to respect any "Reply-To" and "Mail-Follow-Up" headers.  If
you reply to me off-list, you'd better tell me you're doing so.  If
you don't, and if I reply to the list, that's your problem, not mine.
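A receiver-side sketch of the two-step policy described in the reply above (SPF check on the leftmost field of a source-routed MAIL FROM, then a blocklist on the verified domain, with bounces addressed to the rightmost field), written here as an added example rather than code from the list or the SPF project; the SPF records, blocklist and client IPs are constructed for the example.

```python
import ipaddress

# Constructed stand-ins for DNS TXT lookups and a local reputation list
# (assumptions for this example, not real data).
SPF_RECORDS = {
    "xyzzy": "v=spf1 ip4:192.0.2.0/24 -all",   # xyzzy's ISP: only this range
    "spam.example.net": "v=spf1 +all",         # spammer's own "truthful" domain
}
BLOCKLIST = {"spam.example.net"}


def parse_mail_from(path):
    """Split a (possibly source-routed) MAIL FROM path into
    (leftmost domain = current sender, originating mailbox = bounce target).
    "<@a:@b:user@c>" -> ("a", "user@c");  "<user@c>" -> ("c", "user@c")."""
    addr = path.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    hops = []
    while addr.startswith("@"):            # peel route hops off the left
        hop, _, addr = addr.partition(":")
        hops.append(hop[1:])
    mailbox = addr
    origin_domain = mailbox.rpartition("@")[2]
    return (hops[0] if hops else origin_domain), mailbox


def spf_check(domain, client_ip):
    """Minimal SPF evaluator: understands ip4:CIDR and the all mechanism."""
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:        # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        matched = term == "all" or (
            term.startswith("ip4:")
            and ipaddress.ip_address(client_ip)
            in ipaddress.ip_network(term[4:], strict=False))
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"


def accept(path, client_ip):
    """SPF on the leftmost field first, then the blocklist on the verified domain."""
    domain, origin = parse_mail_from(path)
    result = spf_check(domain, client_ip)
    if result == "fail":
        return False, f"spoofed: {domain} does not permit {client_ip}"
    if domain in BLOCKLIST:
        return False, f"verified but blocklisted sender domain {domain}"
    return True, f"spf={result} sender={domain} bounces-to={origin}"
```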

