RE: SPF-compliant phishing?

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Tony 
Finch
Sent: Friday, September 17, 2004 11:14 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] SPF-compliant phishing?


On Thu, 16 Sep 2004, Scott Kitterman wrote:


Until you (meaning all of us) attack the cross customer forgery

problem on

shared MTAs, those of us who want to outsource SMTP services

are out of luck

getting to pass.


This problem can be solved by making the SMTP server require
authentication and prevent clients from using addresses that do not belong
to them.

Tony.


Yes.  Absolutely.  Problem is, how many commercial SMTP operators do that
today?  Answer near as I can tell is almost none.  More and more are doing
the authentication, but allowing clients to use non-local addresses, but
only ones that belong to them seems to be very rare.

Scott Kitterman

<Prev in Thread]	Current Thread	[Next in Thread>
Re: SPF-compliant phishing?, (continued) Re: SPF-compliant phishing?, Jonathan Gardner Re: SPF-compliant phishing?, David Woodhouse Re: SPF-compliant phishing?, Jonathan Gardner Re: SPF-compliant phishing?, David Woodhouse RE: SPF-compliant phishing?, Guy Re: SPF-compliant phishing?, Jonathan Gardner RE: SPF-compliant phishing?, Scott Kitterman RE: SPF-compliant phishing?, Stuart D. Gathman RE: SPF-compliant phishing?, Scott Kitterman RE: SPF-compliant phishing?, Tony Finch RE: SPF-compliant phishing?, Scott Kitterman <= Re: SPF-compliant phishing?, Alan Batie Re: SPF-compliant phishing?, Paul Ficinski Re: SPF-compliant phishing?, Alan Batie Re: SPF-compliant phishing?, John A. Martin Re: SPF-compliant phishing?, Stuart D. Gathman RE: SPF-compliant phishing?, guy RE: SPF-compliant phishing?, David Woodhouse Re: SPF-compliant phishing?, Stuart D. Gathman Re: SPF-compliant phishing?, David Woodhouse Re: SPF-compliant phishing?, Nico Kadel-Garcia