spf-discuss

Re: Patent license

2004-08-24 13:52:00

Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com wrote:

No.  In fact, source IP is required for SPF records with PTR in them.


ok, so it picks up the source ip from the connection.

but it can't care about the ehlo or the mail from line, otherwise I suppose there would need to be some decision made with regard to connection params or PRA / Header determination...



Yes.  So the MTA needs to keep track of everything.  Headers can be according to taste.
EHLO, Source IP => top Received-by: header
MAIL FROM (<> From: header) => X-Envelope-From: header



Mail From and the From header are completely unrelated.

I can telnet to a server on port 25 and do this



server1# telnet oo50.emkhost.com 25
Trying 68.165.182.50...
Connected to oo50.emkhost.com.
Escape character is '^]'.
220 oo50 ESMTP oo50 0.27.1 Send roboota mobattie.
ehlo
250-oo50 Hi server1.managean.com [69.20.9.90]
250-WIGGLE
250 8BITMIME
mail from: <willey(_at_)41166(_dot_)com>
250 willey(_at_)41166(_dot_)com, sender OK it is wery exciting.
rcpt to: <wiggles(_at_)41166(_dot_)com>
250 wiggles(_at_)41166(_dot_)com, recipient ok
data
354 go ahead
from: waitman(_at_)emkdesign(_dot_)com
subject: what in the world

test
.
250 Queued!
quit
221 oo50 bye. Have a wonderfulo dayo.
Connection closed by foreign host.



and the message shows up like this



Return-Path: <SRS0=/yU4s6dH=LO=41166(_dot_)com=willey(_at_)r2(_dot_)emkhost(_dot_)com>
Received: from mail.emkhost.com (h-68-165-182-61.lsanca54.covad.net [68.165.182.61])
        by r2.emkhost.com (xox) with ESMTP id i7OKvqgn061389
        for <sparewaitman(_at_)r2(_dot_)emkhost(_dot_)com>; Tue, 24 Aug 2004 13:57:52 -0700 (PDT)
Received: from localhost.localdomain (h-68-165-182-50.lsanca54.covad.net [68.165.182.50])
        by mail.emkhost.com (8.13.0/8.13.0) with ESMTP id i7OKgj17007810
        for <wiggles(_at_)41166(_dot_)com>; Tue, 24 Aug 2004 13:42:45 -0700 (PDT)
Date: Tue, 24 Aug 2004 13:42:45 -0700 (PDT)
Message-Id: <200408242042(_dot_)i7OKgj17007810(_at_)mail(_dot_)emkhost(_dot_)com>
Received: from server1.managean.com (HELO ) (69.20.9.90)
 by oo50 (oo50/1000.27.1) with ESMTP; Tue, 24 Aug 2004 06:41:10 -0700
from: waitman(_at_)emkdesign(_dot_)com
subject: what in the world
X-EMK-SRC: host  ip 69.20.9.90
To: undisclosed-recipients:;

test




So you could get a message claiming to be from jesus himself that passes SPF. (if it does checks before DATA)


if it does checks after DATA, and looks at the header - well there is nothing about DATA that is safe to consider to be true.

And I am back to their example of the problem with web forms that use the "From" address based on visitor input. Adding a special header that permits the thing to go through regardless of who it's from doesn't really seem to make enough sense to go to all the trouble of reading (maybe a faulty or forged) DATA when it could probably just look at MAIL FROM in the first place.


From what I understand, the CDO thingy just drops a text email into the outgoing queue for processing. So, it is using the FROM address of the message to do MAIL FROM.

MAIL FROM usually equals From: header.  For CDO, s/usually/always/
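
The following is an added example, not part of the original message and not code from any SPF implementation. It separates the two identities discussed in the thread (the envelope MAIL FROM and the From: header inside DATA) and reports whether their domains match; the session text uses constructed example.* addresses and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed client-side SMTP dialogue shaped like the telnet session above
# (example.* domains are placeholders, not values from the thread).
SESSION = """\
ehlo client.example.net
mail from: <willey@example.org>
rcpt to: <wiggles@example.org>
data
from: waitman@example.com
subject: what in the world

test
.
quit
"""

def domain(addr):
    """Lower-cased domain of an address, or '' for the null sender <>."""
    return addr.rpartition("@")[2].lower()

def split_identities(session):
    """Return (envelope_sender, header_from) from a client-side SMTP dialogue."""
    envelope, body, in_data = None, [], False
    for line in session.splitlines():
        if in_data:
            if line == ".":                      # a lone dot terminates DATA
                in_data = False
            else:                                # undo SMTP dot-stuffing
                body.append(line[1:] if line.startswith(".") else line)
        elif m := re.match(r"mail from:\s*<([^>]*)>", line, re.I):
            envelope = m.group(1)                # the identity an SPF check at MAIL FROM sees
        elif line.strip().lower() == "data":
            in_data = True
    header_from = parseaddr(message_from_string("\n".join(body)).get("From", ""))[1]
    return envelope, header_from

def aligned(session):
    """True only when the envelope sender and the From: header share a domain."""
    envelope, header_from = split_identities(session)
    return bool(envelope) and domain(envelope) == domain(header_from)

if __name__ == "__main__":
    env, hdr = split_identities(SESSION)
    print(f"MAIL FROM (envelope): {env}")
    print(f"From: header (in DATA): {hdr}")
    print("aligned" if aligned(SESSION) else "MISMATCH between envelope and header")
```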




