spf-discuss
[Top] [All Lists]

Re: SPF is not usable as legal measure against spammers.

2004-07-14 09:27:58
That is why and where smtp authentication comes into play. With smtp
authentication the hijacker cannot authenticate and therefore cannot send
from example.com return address.

----- Original Message ----- 
From: "Paul Howarth" <paul(_at_)city-fan(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Wednesday, July 14, 2004 12:09 PM
Subject: Re: [spf-discuss] SPF is not usable as legal measure against
spammers.


Jonathan Gardner wrote:
How is it possible to lie? Only the domain owners are allowed to publish
DNS
records for their domain. The domain owners assert via SPF that mail
going
through specific servers is their mail. I must be missing the part where
someone else can publish SPF records for you, and claim mail servers you
don't trust are allowed to send email for you. I don't see how that is
possible.

Suppose example.com is a customer of $bigisp, and for whatever reason,
relays
their outgoing mail through $bigisp's mail servers. It's still possible
for a
spammer to hijack the machine of any other customer of $bigisp and send
mail
out with a sender address of anyone(_at_)example(_dot_)com, which will be OK
according to
example.com's SPF record. However, example.com is clearly not responsible
for
that mail.

Paul.

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Send us money!  http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com



<Prev in Thread] Current Thread [Next in Thread>