On Fri, Nov 26, 2004 at 07:39:57PM +0000, Fridrik Skulason wrote:
OK, there are three parties involved... There is a virus running on
machine X, which mails itself to Y, with forged headers, so it appears
to be from Z.
What frequently happens is that the actual receiver address is not
valid - "no such user", so the mail is returned....but it is
returned to Z. If Y did proper SPF checking, the message should
IMO have been dropped, meaning that Z would not have received this "spam".
If this would be a sane MTA, the message would not be accepted in
the first place. It really doesn't matter if this MTA is SPF aware.
There is a slightly modified example possible where it does matter
if Y checks SPF:
X sends mail and is allowed by SPF
Y checks recipient and sender, accepts the mail
Y cannot do final delivery (mailbox full, or message is virus)
Y bounces to Z.
vs
X sends mail and is not allowed by SPF
Y checks recipient and sender, accepts the mail but flags SPF-fail
Y cannot do final delivery (mailbox full, or message is virus)
Y does not bounce to Z.
cheers,
Alex
--
I ask you to respect any "Reply-To" and "Mail-Follow-Up" headers. If
you reply to me off-list, you'd better tell me you're doing so. If
you don't, and if I reply to the list, that's your problem, not mine.