spf-discuss

Re: Greeting Card sites catching on

2004-07-11 07:28:37
On Sat, 10 Jul 2004 14:09:27 -0400, Meng Weng Wong
<mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> wrote:
On Sat, Jul 10, 2004 at 10:10:26AM -0700, James Couzens wrote:
| It appears as though the Greeting Card sites are listening and are
| taking action.
|
| egreetings.com.         3600    IN      TXT     "v=spf1
| ip4:216.33.97.64/26 ip4:216.33.111.128/25 ip4:64.14.122.0/24
| ip4:209.225.54.64/26 ip4:207.58.192.128/25 ~all"
|
| Congratulations egreetings, keep up the good work!
|

Yeah, that's pretty awesome.  They set a fine example for
other sites to follow:

  Return-Path: <services(_at_)egreetings(_dot_)com>
  Sender: <services(_at_)egreetings(_dot_)com>
  From: "mengwong(_at_)dumbo(_dot_)pobox(_dot_)com" <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>
  To: <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>

Perfectly compatible with both SPF Classic and Sender ID.

My MTA said:

  Received-SPF: pass (dumbo.pobox.com: domain of services(_at_)egreetings(_dot_)com
    designates 216.33.97.84 as permitted sender)

Good work guys, thanks for being part of the solution.

Yeah, I got the same thing sending myself a greeting card from their website:

Return-Path: <services(_at_)egreetings(_dot_)com>
Received-SPF: pass (niteowl.userfriendly.net: domain of
services(_at_)egreetings(_dot_)com designates 216.33.97.83 as permitted sender)
receiver=niteowl.userfriendly.net; client_ip=216.33.97.83;
envelope-from=services(_at_)egreetings(_dot_)com;
Received: from iport2.americangreetings.com
(iport2.americangreetings.com [216.33.97.83]) by
niteowl.userfriendly.net (8.13.0/8.13.0 Public Port 25 WARNING! Abuse,
unauthorized access, or spam sent to this host constitutes acceptance
of civil and/or criminal liability by the sender! You have been
warned! No UCE!) with ESMTP id i6BEDbbf031735 for
<hunter(_at_)userfriendly(_dot_)net>; Sun, 11 Jul 2004 10:13:39 -0400
Received: (from nobody(_at_)localhost) by www.americangreetings.com
(8.11.6/8.11.6) id i6BEC2l30695 for hunter(_at_)userfriendly(_dot_)net; Sun, 11
Jul 2004 10:12:02 -0400
Date: Sun, 11 Jul 2004 10:12:02 -0400
Message-Id: <200407111412(_dot_)i6BEC2l30695(_at_)www(_dot_)americangreetings(_dot_)com>
X-AG-MIPS: 1.434668
Sender: services(_at_)egreetings(_dot_)com
From: mweiner(_at_)ag(_dot_)com <mweiner(_at_)ag(_dot_)com>
To: hunter(_at_)userfriendly(_dot_)net
Subject: [UFN-SpamCop] Hi, I sent you an eCard from Egreetings.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_40F14B54.144B37D7"
X-sender-ip: 68.22.33.182
X-AGSite: 100

However, upon throwing those headers into the
spftools.infinitepenguins.net header checker, it tells me I should be
WORRIED about this email, as in the following:

Recipient
Now let's work out who the message was delivered To:
According to the latest Received: header, the message was delivered
for hunter(_at_)userfriendly(_dot_)net

Sender
And the last piece of data that we need is the sender of the message.
First, let's look at the initial 'From' line...
No, there's no email address there... maybe your mail reader ate it
(they often do)...
We'll look for a "From:" line inside the headers instead... (this
isn't ideal for SPF checking, but it's worth a go).
Ok, the headers say "From: mweiner(_at_)ag(_dot_)com"... that'll do.

Analysis
Right... now to see if the data we've gathered above appears to make
sense for a message from mweiner(_at_)ag(_dot_)com to hunter(_at_)userfriendly(_dot_)net.
Entry into receiving network

First step: we'll see where the message entered the receiver's network.
Release from sender's network

Now we'll work out where the sending domain appears to have released
the message - we'll work backwards from the step before your servers
took over.

To do this we need the SPF record for the sending domain (ag.com)...
Ah... bother. There isn't one. Ok, we'll make one up as a guess: let's try
v=spf1 a/24 mx/24 ptr ~all
Note: this makes the rest of the analysis a bit of a guess, really!
SPF checks on the previous steps look like:
Path Summary
Whole path unexplained  /

It looks like nothing in that set of SMTP hops should have sent the
message from ag.com... this message should be considered suspect!

Result
(for mail from mweiner(_at_)ag(_dot_)com to hunter(_at_)userfriendly(_dot_)net)

Worried
-------------------------------
It looks like it's SPF compliant, but not necessarily compliant with
SMTP RFCs, or am I missing something here?

Michael Weiner
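
Added example, not part of the original message: a Python sketch that evaluates the ip4 mechanisms of the egreetings.com record quoted in the thread against a connecting IP, separately for the domain found in each of Return-Path, Sender and From, so the per-identity results can be compared. The RECORDS table stands in for DNS, the sample headers are constructed from the ones quoted above (the From local part is a placeholder), and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Record for egreetings.com as quoted in the thread. ag.com is left out
# because the checker output above reports that it published no record.
RECORDS = {
    "egreetings.com": "v=spf1 ip4:216.33.97.64/26 ip4:216.33.111.128/25 "
                      "ip4:64.14.122.0/24 ip4:209.225.54.64/26 "
                      "ip4:207.58.192.128/25 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample modelled on the quoted headers; "user" is a placeholder.
SAMPLE = (
    "Return-Path: <services@egreetings.com>\n"
    "Sender: services@egreetings.com\n"
    "From: user@ag.com <user@ag.com>\n"
    "\n"
)

def check_ip4(record, client_ip):
    """Evaluate a record made only of ip4 and all mechanisms (no DNS lookups)."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qual]
        if not mech.startswith("ip4:"):
            raise ValueError("unsupported mechanism: " + mech)
        if ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qual]
    return "neutral"  # nothing matched and the record has no "all"

def check_identities(raw_headers, client_ip):
    """Return {header: (domain, result)} for each identity header present."""
    msg = message_from_string(raw_headers)
    out = {}
    for name in ("Return-Path", "Sender", "From"):
        m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", msg.get(name, ""))
        if m:
            domain = m.group(1).lower()
            record = RECORDS.get(domain)
            out[name] = (domain, check_ip4(record, client_ip) if record else "none")
    return out

if __name__ == "__main__":
    for ip in ("216.33.97.83", "68.22.33.182"):  # relay IP, then X-sender-ip
        print(ip, check_identities(SAMPLE, ip))
```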

