spf-discuss
[Top] [All Lists]

Re: forged email DSN

2005-02-26 02:23:18
"Stuart D. Gathman" suggested


I am testing a new policy for Python Milter.
<snip>

I know some of you are going to hate this idea, but I wan't to hear the
criticism, and perhaps change things.

Here is a sample DSN, this one for what was obviously (to a human) a forgery:

To: dh(_dot_)hurley_59(_at_)osuuspankki(_dot_)fi
From: postmaster(_at_)mail(_dot_)bmsi(_dot_)com
Subject: Critical mail server configuration error
Auto-Submitted: auto-generated (configuration error)
MIME-Version: 1.0
Content-Type: text/plain

Someone at IP address 211.108.109.85 sent an email to
greg(_at_)bmsi(_dot_)com, claiming to be sent from 
dh(_dot_)hurley_59(_at_)osuuspankki(_dot_)fi(_dot_)
The subject was:

Subject: Online Drugs - save up to 80%

If that wasn't you, then your domain, osuuspankki.fi,
was forged!  This is a very serious problem, especially if
you are part of an institution such as a bank - since the
forger is probably trying to rob your customers.  You need
to provide authentication for your SMTP (email) servers to
prevent criminals from forging your domain.

<snip>



Three suggestions about the wording, rather than the idea:

1) I think the clause "especially if ... since the forger is probably trying to
rob your customers" is unwise.

In the specific example you use, where the subject is "Online Drugs - save up to
80%", it's obvious that the message is not attempting to rob a bank, so your
response immediately looks automated and irrelevant.  That perception then
diminishes the credibility of the rest of the (very good) advice.

I think it is very important to stay factual and credible in this kind of
communication.

2) I think the word 'forged' needs to be explained. Even within SPF circles
people have disagreed about the use of that word in this context.  I would have
said something like "...used without your authority, by sombody attempting to
forge or steal your mail identity."

3) I would also not use exclamation marks in messages like this. That's too
close to spammer-style.

That said, the rest is (to me) excellent.

Chris Haynes





<Prev in Thread] Current Thread [Next in Thread>