spf-discuss

Re: Re: RFC 2821 and responsibility for forwarding

2004-12-07 10:11:42
On Tue, 2004-12-07 at 09:59 -0600, Daniel Taylor wrote:
(IP connect reverse lookup to forwarding host.example.org)

MAIL FROM: host.example.com
From: A(_at_)example(_dot_)net

I'd reject that MAIL FROM command; it's syntactically invalid and
doesn't even have a localpart. I'm going to assume your example was
supposed to be something like:

        (connect from host.example.org)

        HELO host.example.org
        MAIL FROM:<A(_at_)example(_dot_)com>

        From: A(_at_)example(_dot_)net

OK, forged or not?

You can't tell.

It could be a perfectly "valid" email really from A(_at_)example(_dot_)net
sent by the mail server at example.com and forwarded through
example.org.

Or, it could all be made up except for the part about this
hop originating from forwarder.example.org.

I assume you mean from host.example.org. In which case you are entirely
correct.

Since there is no way to tell how careful forwarder.example.org
is about accepting mail for forwarding, there is no way to tell.

Right. And the situation is _exactly_ the same with SRS. It would be:

        (connect from host.example.org)

        HELO host.example.org
        MAIL FROM:<SRS0=xx=yy=example(_dot_)com=A(_at_)host(_dot_)example(_dot_)org>

        From: A(_at_)example(_dot_)net

... and you _still_ can't tell. As you correctly state above, it could
all be made up except for the part about this hop originating from
host.example.org. (Well, you said 'forwarder.example.org' which didn't
appear anywhere in your example, but I'm trying to work around your
communication problems as well as I can).

THIS is why forgery-based forwarding is broken.

No. This is the reason why in _practice_ SPF doesn't actually achieve
anything more than CSV does.

It is the type of forwarding that is indistinguishable from forgery
that is the only type affected by SPF.
 <...>
Therefore, SPF prevents this type of forgery^H^H^H^Hwarding.

Those two statements of yours contradict each other. First you claim
that SPF causes normal forwarding and then you claim that it prevents
it.

Be specific. Perhaps when you've sobered up?
No need to be insulting you misbegotten sack of dung.

I was hoping it would embarrass you into being a little more careful
with your next email, but still I had to fight hard to make sense of the
inconsistencies in your example. It wasn't really meant to be insulting.
With those who are actually capable of expressing themselves coherently
but are just being lazy, such a comment is often productive.

-- 
dwmw2
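
The SRS0 envelope sender discussed in the message above, as an added sketch that is not part of the original post and not the code of any SRS implementation: it shows that a downstream receiver can only parse the rewritten address, while checking its hash needs the forwarder's secret. The function names, the secret, and the hash construction (HMAC-SHA1 truncated to 8 hex characters) are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Layout taken from the message: SRS0=<hash>=<timestamp>=<orig-domain>=<orig-local>@<forwarder>
SRS0_RE = re.compile(r"^SRS0=([^=]+)=([^=]+)=([^=]+)=(.+)@([^@]+)$", re.IGNORECASE)

def srs_hash(secret: bytes, ts: str, domain: str, local: str) -> str:
    """Keyed hash over the rewritten fields (assumption: HMAC-SHA1, 8 hex chars)."""
    msg = "=".join((ts, domain, local)).lower().encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()[:8]

def rewrite(secret: bytes, sender: str, forwarder: str, ts: str) -> str:
    """What the forwarder does to MAIL FROM before relaying."""
    local, domain = sender.rsplit("@", 1)
    return f"SRS0={srs_hash(secret, ts, domain, local)}={ts}={domain}={local}@{forwarder}"

def parse(addr: str):
    """Split an SRS0 address into its fields; None if it is not SRS0-shaped."""
    m = SRS0_RE.match(addr)
    if not m:
        return None
    return dict(zip(("hash", "ts", "domain", "local", "forwarder"), m.groups()))

def receiver_view(addr: str):
    """All a downstream receiver can check without the secret: syntax and fields."""
    fields = parse(addr)
    if fields is None:
        return None
    fields.pop("hash")  # opaque to anyone who lacks the forwarder's key
    return fields

def forwarder_verify(secret: bytes, addr: str) -> bool:
    """Only the key holder (the forwarder, on a returning bounce) can do this."""
    f = parse(addr)
    if f is None:
        return False
    expected = srs_hash(secret, f["ts"], f["domain"], f["local"])
    return hmac.compare_digest(f["hash"].lower(), expected)

SECRET = b"constructed-demo-secret"  # constructed value
genuine = rewrite(SECRET, "A@example.com", "host.example.org", ts="yy")
# Constructed look-alike: same fields, hash altered in its first character.
forged = "SRS0=" + ("0" if genuine[5] != "0" else "1") + genuine[6:]

if __name__ == "__main__":
    print(receiver_view(genuine) == receiver_view(forged))  # identical to the receiver
    print(forwarder_verify(SECRET, genuine), forwarder_verify(SECRET, forged))
```

The hash protects the forwarder against bogus bounces to its own SRS addresses; it gives the next hop no evidence about where the message originally came from.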

