spf-discuss

Re: draft-newton-maawg-spf-considerations-00

2005-04-21 15:36:35
Amazing, absolutely amazing!

Look at this example:

   S:  220 milo.example.org SuperDuper Mail Server v1.5
   C:  HELO felix.example.net
   S:  250 milo.example.org Ok.
   C:  MAIL FROM: <bob@example.com>
   S:  250 Ok.
   C:  RCPT TO: <alice@example.org>
   S:  250 Ok.
   C:  DATA
   S:  354 Ok.
   C:  Subject: This is an example email
   C:  From: Bob <bob@example.net>
   C:  To: Alice <alice@example.com>
   C:
   C:  This is the body of the email message.
   C:  It is two lines long.
   C:  .
   S:  250 Ok. 42548455.00000B74

and not ONE security consideration or discussion about the RCPT TO:
validity.

The assumption is that RCPT is a valid address.  THIS IS A POOR
ASSUMPTION IN A PRACTICAL IMPLEMENTATION OF SPF OR ANY PROTOCOL PERFORMING
CHECKS BEFORE THE RCPT STATE.   It is without a doubt a major DNS Overhead
Reduction consideration and without a doubt a security consideration.

This lack of consideration alone makes the "implementation" document
worthless to me.  Once again, this is a prime example of "Administrator"
types writing technical documentation but who lack implementation insights.

Do me a favor and pass this message to Newton.

----
Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
http://www.winserver.com/wcsap (Wildcat! Sender Authentication Protocol)
http://www.winserver.com/spamstats  (WcSAP Anti-Spam Stats)



----- Original Message -----
From: "Frank Ellermann" <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>
Newsgroups: spf.-.sender.policy.framework.discussion
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, April 21, 2005 5:41 PM
Subject: [spf-discuss] draft-newton-maawg-spf-considerations-00


Fresh from the I-D factory:

draft-newton-maawg-spf-considerations-00


http://www.ietf.org/internet-drafts/draft-newton-maawg-spf-considerations-00.txt
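
Added example, not part of the original message or of the draft: a small Python model of the ordering question raised in the reply above, comparing an SPF check run at MAIL FROM with one deferred until a RCPT TO names a valid mailbox. The Receiver class, the mailbox table, the SPF result table and the sessions are all constructed for illustration; no real DNS is queried.

```python
from dataclasses import dataclass, field

LOCAL_MAILBOXES = {"alice@example.org"}                      # constructed recipient table
SPF_RESULTS = {"example.com": "pass", "forged.example": "fail"}  # constructed stand-in for DNS
SESSIONS = [                                                 # constructed (MAIL FROM, [RCPT TO])
    ("bob@example.com", ["alice@example.org"]),
    ("x1@spam.example", ["nobody@example.org"]),
    ("x2@junk.example", ["sales@example.org", "info@example.org"]),
    ("mallory@forged.example", ["alice@example.org"]),
]

@dataclass
class Receiver:
    defer_spf: bool          # True: evaluate SPF only once a RCPT TO is a valid mailbox
    dns_lookups: int = 0
    sender: str = ""
    spf: str = ""            # cached SPF result for the current transaction
    accepted: list = field(default_factory=list)

    def _check_spf(self):
        if not self.spf:
            self.dns_lookups += 1    # one policy fetch; real SPF evaluation may need more
            domain = self.sender.rpartition("@")[2]
            self.spf = SPF_RESULTS.get(domain, "none")
        return self.spf

    def mail_from(self, addr):
        self.sender, self.spf = addr.lower(), ""
        if not self.defer_spf and self._check_spf() == "fail":
            return "550 SPF fail"
        return "250 Ok."

    def rcpt_to(self, addr):
        if addr.lower() not in LOCAL_MAILBOXES:
            return "550 No such user"    # local table lookup only, no DNS traffic
        if self._check_spf() == "fail":
            return "550 SPF fail"
        self.accepted.append((self.sender, addr.lower()))
        return "250 Ok."

def run(defer_spf, sessions=SESSIONS):
    """Replay the sessions; return (DNS lookups spent, accepted sender/recipient pairs)."""
    r = Receiver(defer_spf)
    for sender, rcpts in sessions:
        r.mail_from(sender)
        for rcpt in rcpts:
            r.rcpt_to(rcpt)
    return r.dns_lookups, r.accepted

if __name__ == "__main__":
    print("SPF at MAIL FROM:", run(False), "| SPF after valid RCPT:", run(True))
```

Both orderings accept the same single message and still reject the SPF-failing sender; only the number of lookups spent on mail for nonexistent recipients differs.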

