spf-discuss

RE: SPF-compliant phishing?

2004-09-15 07:02:34
Roger also had this example for me.  I use a shared third party SNTP server.
This will prevent others from forging random users from my domain.  They
could still forge real users.
Guy

Roger Moser wrote:
To allow only User1, User2, etc. to send mail only through 1.2.3.4 or
2.3.4.5, set up the following records:

"v=spf1 exists:%{l}.%{i}._spf1.watkins-home.com -all"
User1.1.2.3.4._spf1.watkins-home.com    A       127.0.0.1
User1.2.3.4.5._spf1.watkins-home.com    A       127.0.0.1
User2.1.2.3.4._spf1.watkins-home.com    A       127.0.0.1
User2.2.3.4.5._spf1.watkins-home.com    A       127.0.0.1
...

Or you could have the following records (less recommended):

"v=spf1 -exists:%{l}._spf1.watkins-home.com ip4:1.2.3.4 ip4:2.3.4.5 -all"
*._spf1.watkins-home.com        A       127.0.0.1
User1._spf1.watkins-home.com    TXT     ""
User2._spf1.watkins-home.com    TXT     ""
...

Roger

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Daniel Taylor
Sent: Wednesday, September 15, 2004 9:50 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] SPF-compliant phishing?

Hmm. Very interesting.
I should have recognized this before.

Well, it does fix Mr. Woodhouse's objections, as this
mechanism would allow at least two of the forgeries he
presented to be caught, if not the lot. It is more
involved to set up, however, and the additional administration
will likely prevent widespread use of the more complicated
mechanisms for a while.

Roger Moser wrote:
Daniel Taylor wrote:


SPF does not validate users.


The current syntax allows SPF to validate the local part on the envelope
sender. So it can validate users. For example:

mxout                 A       192.168.1.2
@                     TXT     "v=spf1 exists:%{l}.%{i}.spf.%{o} -all"
John.192.168.1.2      A       127.0.0.2
Mary.192.168.1.2      A       127.0.0.2

Roger


-- 
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        
(952)941-6580x203
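
An added example, not part of the thread or of any SPF implementation: a small Python model of how a receiver expands the %{l}, %{i} and %{o} macros and evaluates the exists: policy quoted above. The zone contents are constructed from the records in the message, lookups are simulated with a set instead of real DNS, and the names `expand`, `check`, `ZONE_A` and `POLICY` are hypothetical.

```python
import re

# Constructed zone data modelled on the records quoted in the thread:
# the set of names that have an A record (DNS names are case-insensitive).
ZONE_A = {
    "user1.1.2.3.4._spf1.watkins-home.com",
    "user1.2.3.4.5._spf1.watkins-home.com",
    "user2.1.2.3.4._spf1.watkins-home.com",
    "user2.2.3.4.5._spf1.watkins-home.com",
}
POLICY = "v=spf1 exists:%{l}.%{i}._spf1.watkins-home.com -all"

def expand(spec, sender, ip):
    """Expand the %{l}, %{o}, %{d}, %{s} and %{i} macros (IPv4, no transformers)."""
    local, _, domain = sender.rpartition("@")
    values = {"l": local, "o": domain, "d": domain, "s": sender, "i": ip}
    def sub(m):
        if m.group(1) not in values:
            raise ValueError("unsupported macro " + m.group(0))
        return values[m.group(1)]
    return re.sub(r"%\{(\w+)\}", sub, spec)

def check(policy, sender, ip, zone_a=ZONE_A):
    """Evaluate a policy made of exists: and all terms; return (result, queried names)."""
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    terms = policy.split()
    if terms[0] != "v=spf1":
        return "none", []
    queried = []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("exists:"):
            name = expand(mech[len("exists:"):], sender, ip).lower()
            queried.append(name)
            matched = name in zone_a  # exists: matches when an A record is returned
        elif mech == "all":
            matched = True
        else:
            raise ValueError("mechanism not modelled here: " + mech)
        if matched:
            return results[qualifier], queried
    return "neutral", queried

for sender, ip in [("User1@watkins-home.com", "1.2.3.4"),    # listed user, listed IP
                   ("nobody@watkins-home.com", "1.2.3.4"),   # unlisted local part
                   ("User1@watkins-home.com", "9.9.9.9")]:   # listed user, other IP
    print(sender, ip, *check(POLICY, sender, ip))
```

The queried names in the output show that the policy only ties a local part to a sending IP: any client relaying through a listed address can still use a listed local part.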
