spf-discuss

Re: SPF-compliant phishing?

2004-09-15 08:55:10
On Wed, 2004-09-15 at 11:45 -0400, Stuart D. Gathman wrote:
> On Wed, 15 Sep 2004, David Woodhouse wrote:
>
> > In the second example. The first example is very different, but I'll
> > come back to that. But OK, we accept that SPF doesn't actually let you
> > validate the user reliably.
>
> It does with exists.  It even lets you validate an SES signature via
> exists.

True -- given a stunt DNS server and a creative use of 'exists' you can
indeed make it do almost anything. It's almost a shame there's a limit
on include recursion or some nutter would be demonstrating how it's
Turing-complete by now :)

But I'm talking about the 'classic' deployment scenario, and the level
of trust which can be inferred from a 'pass' result. 

-- 
dwmw2
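
As an added illustration, not part of the original message or of any SPF implementation: a Python sketch of how an `exists` term expands into a per-sender DNS name that a custom ("stunt") DNS server can answer selectively. The policy term, the `_auth` label, the user and host sets and all function names are hypothetical; macro handling follows RFC 7208 section 7 for IPv4 clients only.

```python
import re
from urllib.parse import quote

# %{letter digits r delimiters} or the escapes %%, %_, %- (RFC 7208 section 7)
_MACRO = re.compile(r"%(?:\{([slodivh])(\d*)(r?)([.\-+,/_=]*)\}|([%_-]))", re.I)

def expand(spec, sender, ip, helo):
    """Expand SPF macros in a domain-spec (IPv4 only; no %{p}, %{c}, %{r}, %{t})."""
    local, _, domain = sender.rpartition("@")
    local = local or "postmaster"          # RFC default when there is no local-part
    values = {"s": f"{local}@{domain}", "l": local, "o": domain,
              "d": domain, "i": ip, "v": "in-addr", "h": helo}

    def repl(m):
        if m.group(5):                     # escape sequence
            return {"%": "%", "_": " ", "-": "%20"}[m.group(5)]
        letter, digits, rev, delims = m.group(1, 2, 3, 4)
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter.lower()])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]   # keep the right-most N labels
        out = ".".join(parts)
        return quote(out, safe="") if letter.isupper() else out

    return _MACRO.sub(repl, spec)

def stunt_dns_has_a_record(qname):
    """Constructed stand-in for the custom DNS server: it answers only for
    local-parts it recognises, sent from mail hosts it recognises."""
    known_users = {"alice", "bob"}         # constructed sample data
    known_hosts = {"192.0.2.25"}           # constructed sample data
    m = re.fullmatch(r"(.+)\.((?:\d+\.){3}\d+)\._auth\.example\.org", qname)
    return bool(m) and m.group(1) in known_users and m.group(2) in known_hosts

def check_exists(term, sender, ip, helo):
    """Evaluate one 'exists:' term; returns (queried name, 'pass' or 'no match')."""
    qname = expand(term.split(":", 1)[1], sender, ip, helo)
    return qname, "pass" if stunt_dns_has_a_record(qname) else "no match"

POLICY_TERM = "exists:%{l}.%{i}._auth.%{d}"   # hypothetical policy for example.org
```

Each `exists` term costs the receiver one DNS lookup, and the queried name discloses the sender's local-part and the client IP to whoever runs the zone.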

