spf-discuss

RE: Multiple header entries

2004-12-01 12:09:54
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com 
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of 
terry(_at_)ashtonwoodshomes(_dot_)com
Sent: woensdag 1 december 2004 18:25
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Multiple header entries


The 'official' status of the Received-SPF: header is a bit
in limbo, I believe. But like regular Received: headers,
you could follow the practice of adding one 'on top', and leave
the older ones be; like so:

Received-SPF: pass (asarian-host.net: domain of
 listbox+trampoline+735+865569+5f71ec8d(_at_)v2(_dot_)listbox(_dot_)com
 designates 207.8.214.5 as permitted sender)
Received-SPF: pass (backbone.midwestcs.com: domain of midwestcs.com
 designates 206.222.212.237 as permitted sender)
 client-ip=206.222.212.237;
 envelope-from=wayne(_at_)midwestcs(_dot_)com; helo=midwestcs.com;

Adding the hostname of the receiving machine ($j in sendmail)
right after the first bracket makes for an easy history trail.

- Mark

But if one was not using SPF to do SMTP time rejection, but
using the header in a scoring technique
(like spamassassin) isn't that likely to cause a problem,
e.g. when your SPF check failed, but the
spammer stuck in a fake SPF pass header line: The fake pass
could negate the real fail, or the real
fail could even be superseded by the fake pass.

I do not see how this could occur. A spammer can inject as many
Received-SPF headers as he darn well pleases; but if your MTA adds his
on top, then all SA has to do, is look at the top-most Received-SPF
header, and only process that one. :)

If no Received-SPF was added by your own MTA, then there is no danger,
either. Consider the following header added by a spammer:

   Received-SPF: pass (spammer ..... spammer)

You let SA simply ignore those (wrong $j: should be yours!). And what if a
spammer adds the following?

   Received-SPF: pass (yourdomain: ..... spammer)

Actually, there is no real way to prevent that; except, of course, to do
your own SPF-checking; then your Received-SPF header is always top-ranked.

- Mark 
 
        System Administrator Asarian-host.org
 
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
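
Added example (not part of the original post, and not SpamAssassin's own code): a sketch of the rule described in the message above, which reads only the top-most Received-SPF header and accepts it only when the reporting host in the comment is the receiver's own. The hostname mx.example.net, the function name and the sample messages are constructed assumptions.

```python
import email
import re

# "<result> (<reporting-host>: ..." at the start of a Received-SPF value.
_SPF_RE = re.compile(r"^([A-Za-z]+)\s*\(([^\s:()]+):")

def topmost_spf_result(raw_message, my_hostname):
    """SPF result from the top-most Received-SPF header, or None when there
    is no such header or it does not name my_hostname as reporting host."""
    msg = email.message_from_string(raw_message)
    headers = msg.get_all("Received-SPF") or []   # in top-down order
    if not headers:
        return None
    top = " ".join(headers[0].split())            # unfold continuation lines
    m = _SPF_RE.match(top)
    if not m:
        return None
    result, host = m.group(1).lower(), m.group(2).lower()
    # A header stamped by some other host ("wrong $j") is ignored.
    return result if host == my_hostname.lower() else None

# Constructed sample 1: our MTA's real "fail" sits on top of an injected "pass".
FORGED_BELOW = (
    "Received-SPF: fail (mx.example.net: domain of sender.example does not\n"
    " designate 192.0.2.10 as permitted sender)\n"
    "Received-SPF: pass (mx.example.net: domain of sender.example designates\n"
    " 192.0.2.10 as permitted sender)\n"
    "Subject: test\n\nbody\n"
)
# Constructed sample 2: only an injected header naming a foreign host.
FOREIGN_ONLY = (
    "Received-SPF: pass (mail.sender.example: domain of sender.example\n"
    " designates 192.0.2.10 as permitted sender)\n"
    "Subject: test\n\nbody\n"
)
# Constructed sample 3: injected header naming OUR host, and our MTA added
# none. The hostname check alone accepts it, which is why the post says the
# receiver must do its own SPF check so its header is always on top.
SPOOFED_HOST_NO_LOCAL_CHECK = (
    "Received-SPF: pass (mx.example.net: domain of sender.example designates\n"
    " 192.0.2.10 as permitted sender)\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    for name in ("FORGED_BELOW", "FOREIGN_ONLY", "SPOOFED_HOST_NO_LOCAL_CHECK"):
        print(name, "->", topmost_spf_result(globals()[name], "mx.example.net"))
```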