spf-discuss

Re[4]: Is there is proposed checks on bounces and delivery notification ?

2004-07-11 16:23:02
Hi Andrew,

Are you a troll?

I already tested your "bounce/notification/ORCPT" idea, both with real
and bogus recipients, and SPF properly protects everything in every
case.  No 3rd parties get any bounces, nor receipts of any kind.

I also sent a long explanation of this already, which you either
didn't read, or seem to have ignored.

AGT> Originally SPF was targeted against spam.

Troll-Crap. Read the RFC you turkey:-

Abstract

   Email address forgery is a problem on the Internet today.  Domain
   owners want to control the use of their names in email, but are
   helpless because they lack the means.  This document introduces a
   language for domains to make email-related declarations in DNS.  It
   defines in detail one possible sender authentication scheme for
   domains to describe the hosts from which they send mail.  SMTP
   receivers can use this scheme to detect sender forgery.

Pull out your highlighter pen and show me where the word "spam"
appears.


Kind Regards,
Chris Drake

Monday, July 12, 2004, 2:33:24 AM, you wrote:


AGT> [Chris Drake]
How many times do we have to tell everyone the same thing:-

    SPF IS   NOT   AN ANTISPAM TECHNOLOGY

    NOT NOT NOT NOT NOT NOT NOT.

    It's an authentication mechanism, which happens to be very useful
    for helping with spam problems - but it's NOT an anti-spam
    technology.

AGT> Do not substitute marking names.
AGT> It's like putting a cop in front of a bank pretending he is protecting your
AGT> money.
AGT> But in case of bank robbery - the bank will tell:
AGT>  "Oops.. We are sorry. You were thinking a single cop will be able to protect
AGT> your money ?
AGT> We used him only as an advertisement to attract clients"

AGT> Do not attempt to protect current SPF design shortcomings by changing
AGT> design goals.
AGT> Originally SPF was targeted against spam.
AGT> If I really need sender authentication - I will use PGP or S/MIME or SSL
AGT> or something else.
AGT> I will never rely on IP address message from citibank will come to me.

AGT> http://www.linuxjournal.com/article.php?sid=7328
AGT> "Sender Policy Framework (SPF) takes aim at the practice of return-path
AGT> spoofing, a technique employed by worms, viruses and other senders of
AGT> unwanted mail."

AGT> My original question was - Does SPF prevent bounce/notification/ORCPT address
AGT> spoofing ?
AGT> If not - why ? I've provided an example of how spammers can deliver short
AGT> messages to innocent mailboxes using reflected forgery that will be somewhat
AGT> hard to prevent.

AGT> How many times must I repeat my technical questions while waiting for
AGT> technical answers ?

AGT> Sorry,
AGT> --
AGT> Andriy G. Tereshchenko
AGT> TAG Software
AGT> Odessa, Ukraine
AGT> http://www.24.odessa.ua


