spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Electronic Frontier Foundation (EFF) Article On Anti-Spam Technologies Mentions SPF

2004-11-18 18:00:10
from [Frank Ellermann] [Permanent Link] 
Vivien M. wrote:


The test for "semi-legitimately forged mail"

[...]

should be something like "mail that is sent by or on direct
behalf of the human being entitled to use that From: address
outside of the setting allowed by the domain owner's SPF
record".


Works.  I use a From: nobody(_at_)xyzzy everywhere (e.g. this mail),
v2.listbox.com is certainly _not_ authorized to say MAIL FROM
nobody(_at_)xyzzy(_dot_)

I also use From: nobody(_at_)xyzzy with an MSA "enforcing submission
right", i.e. it forces me to use MAIL FROM:<me(_at_)msa> with "my"
Aunt Mary From: nobody(_at_)xyzzy(_dot_)

And my MUA is at least 7 years old.  I don't have to edit file
outbox for this stunt.  Your "semi-legit" stuff breaks with
PRA (Sender ID) in many obscure cases, it works fine with SPF.


both my semi-legitimately forged mail and fully forged mail
are viewed in the same way.


Not if you'd use a valid MAIL FROM depending on the scenario.
SPF doesn't try to interpret the 2822 From.  That's the error
in "Sender ID" (or rather one of many "Sender ID" errors).

 [greeting cards] 

SPF kills those.


That's not true.  I test it with heise.de while I write this
article:  <http://www.heise.de/english/newsticker/news/53363>

Oops, the english pages don't offer to send it as mail, I use
the German page <http://www.heise.de/newsticker/meldung/53339>

| Return-Path: www(_at_)heise(_dot_)de
| Received: from quack.de.clara.net ([212.82.225.100])
|  [...truncated...]
| Received: from www.heise.de ([193.99.144.71])
|      by quack.de.clara.net with esmtp (Exim 4.34 (FreeBSD))
|      id 1CUwaF-0006DP-5y for rxdyndns(_at_)xyzzy(_dot_)claranet(_dot_)de;
|      Fri, 19 Nov 2004 01:25:03 +0100
| To: rxdyndns(_at_)xyzzy(_dot_)claranet(_dot_)de
| From: nobody(_at_)xyzzy(_dot_)claranet(_dot_)de
| Sender: nobody(_at_)xyzzy(_dot_)claranet(_dot_)de
| Reply-To: nobody(_at_)xyzzy(_dot_)claranet(_dot_)de

See ?  No SPF problem, they used their own Return-Path (and
a bogus Sender, ho hum, "Sender ID" breaks heise.de, big fun)

`nslookup -q=txt heise.de` says
"v=spf1 ip4:193.99.144.0/24 ip4:193.99.145.0/24 ?all"

That covers 193.99.144.71, SPF PASS (but PRA FAIL), bye, Frank
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Re: Electronic Frontier Foundation (EFF) Article On Anti-Spam Technologies Mentions SPF, Mark
Next by Date:  Re: MAAWG Whitepaper released Nov 18, Frank Ellermann
Previous by Thread:  RE: Electronic Frontier Foundation (EFF) Article On Anti-Spam Technologies Mentions SPF, Vivien M.
Next by Thread:  Re: Electronic Frontier Foundation (EFF) Article On Anti-Spam Technologies Mentions SPF, Michael Hammer
Indexes:  [Date] [Thread] [Top] [All Lists]