spf-discuss

Re: Handling of -all

2005-02-12 07:15:57
On Sat, Feb 12, 2005 at 09:01:16AM -0500, Nico Kadel-Garcia wrote:

> OK, we're right back to the uselessness of forwarding. Forwarding is
> *broken*. If you allow standard forwarding, sometimes called "mail
> reflection", then there is no way to tell your system from a forger because
> you are, in fact, forging the email. This has been broadly allowed up to
> now so that the bounces go where they're supposed to, but it means that the
> forwarder has to learn how to do SES/SRS and themselves put in significant
> spam blocking to get forwarding done safely.

I know.  My point is that the one protecting his mail with -all
still suffers in the case where old-style forwarders are involved.
Read again if you didn't get this.

> > Example 2:
> >
> > -1- bad@badguy.example.com pretends to be good@goodguy.example.org
> >  and connects its machine to some dial-this-expensive-number-and-
> >  get-ip-connectivity provider.  It sends its spam to the SMTP
> >  gateway of this provider.  No spf checking is done.
> >
> > -2- This provider tries sending the message, using
> >  good@goodguy.example.org as sender address.
> >  Reject, bounce, see -3-

> That sender address is irrelevant to SPF. Don't confuse SPF with analyzing
> the "From:" line.

I am not confusing the two.  I am talking about mail_from, the sender,
not about from: the author.

> MAIL FROM is what is relevant, and the SMTP gateway of
> the provider normally sets that to
> spammer-login-name@ISP-SMTP-server.com.
> If they're not using something like that, then they're probably an open
> relay and should already be in the blacklists.

Why do you think this is the case?  If the spammer, at home, is
allowed to use the relay, it could be because the server is
configured to allow an IP range.  In essence, the server is an
open relay for a certain part of the address space.

The type of provider I'm talking about has no relationship with
its customers, all they care about is $$$.  There is no login name,
or if there is it is meaningless and generic.

Alex
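
The disagreement in this message, as an added example that is not part of the original post or of any SPF library: a receiver checking MAIL FROM against a `-all` record gets the same result for an old-style forwarder as for a forger, and only an envelope rewrite at the forwarder changes that. The records, IP addresses and the `forwarder.example.net` domain are constructed, only `ip4` and `all` are evaluated, and `srs_style_rewrite` is a hypothetical simplification of SRS.

```python
import ipaddress

# Constructed SPF records (documentation address ranges); no DNS lookups are made.
SPF_RECORDS = {
    "goodguy.example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example.net": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_mail_from(client_ip, mail_from):
    """Evaluate the MAIL FROM domain's record (ip4 and all mechanisms only)."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism.startswith("ip4:"):
            if ip in ipaddress.ip_network(mechanism[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"

def srs_style_rewrite(mail_from, forwarder_domain):
    """Simplified envelope rewrite; real SRS also adds a hash and a timestamp."""
    local, domain = mail_from.rsplit("@", 1)
    return f"SRS0={domain}={local}@{forwarder_domain}"

def scenarios():
    sender = "good@goodguy.example.org"
    return {
        # Sent from goodguy's own outbound host.
        "direct": check_mail_from("192.0.2.10", sender),
        # Old-style forwarder relays with the original MAIL FROM unchanged.
        "old_style_forward": check_mail_from("198.51.100.7", sender),
        # Unrelated relay passing on a forged MAIL FROM.
        "forged_via_relay": check_mail_from("203.0.113.5", sender),
        # Forwarder rewrites the envelope sender into its own domain.
        "rewritten_forward": check_mail_from(
            "198.51.100.7", srs_style_rewrite(sender, "forwarder.example.net")),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:18} {result}")
```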

