Re: Simple method to prevent cross-customer forgery on shared MTAs

spf-discuss

Re: Simple method to prevent cross-customer forgery on shared MTAs

2005-05-17 06:15:43

On Tue, May 17, 2005 at 09:10:46AM -0400, Stuart D. Gathman wrote:

On Tue, 17 May 2005, Stuart D. Gathman wrote:

Suppose an SMTP service has domain 'service.com' and wants to
prevent cross-customer forgery.  A client logs in to SMTP AUTH as 'curly' 
and
gives a MAIL FROM of 'moe(_at_)example(_dot_)com'.  The service then looks 
for a DNS A
record at:

    moe._using_.paul._at_.service.com._smtpauth_.example.com


Ooops.  Typo.  That should be:

      moe._using_.curly._at_.service.com._smtpauth_.example.com


which would mean that example.com would trust service.com to
authenticate users __and__ example.com would allow moe to emit
mail from service.com (as moe(_at_)example(_dot_)com), but only when logged
in as user "curly(_at_)service(_dot_)com", right?

Alex

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: OT: SpamCop, (continued) Re: OT: SpamCop, Julian Mehnle Re: OT: SpamCop, Frank Ellermann Re: OT: SpamCop, Julian Mehnle Shared MTA policy implementation idea, Stuart D. Gathman Re: Shared MTA policy implementation idea, Stuart D. Gathman Re: Shared MTA policy implementation idea, william(at)elan.net Re: Shared MTA policy implementation idea, Stuart D. Gathman Simple method to prevent cross-customer forgery on shared MTAs, Stuart D. Gathman Re: Simple method to prevent cross-customer forgery on shared MTAs, Julian Mehnle Re: Simple method to prevent cross-customer forgery on shared MTAs, Stuart D. Gathman Re: Simple method to prevent cross-customer forgery on shared MTAs, Alex van den Bogaerdt <= Re: Simple method to prevent cross-customer forgery on shared MTAs, Stuart D. Gathman Re: Shared MTA policy implementation idea, wayne Re: Shared MTA policy implementation idea, Stuart D. Gathman SRS for postfix yet?, Mark Jeftovic Re: SRS for postfix yet?, John Capo Re: MUST SPF checking be done during SMTP time?, Chris Haynes Re: MUST SPF checking be done during SMTP time?, Frank Ellermann Re: Re: MUST SPF checking be done during SMTP time?, Chris Haynes Re: MUST SPF checking be done during SMTP time?, Julian Mehnle Re: MUST SPF checking be done during SMTP time?, Julian Mehnle

Previous by Date:	Re: Simple method to prevent cross-customer forgery on shared MTAs, Stuart D. Gathman
Next by Date:	Re: People keep misunderstanding what "Pass" and "Neutral" mean (was: Time to start rejecting on neutral?), Hector Santos
Previous by Thread:	Re: Simple method to prevent cross-customer forgery on shared MTAs, Stuart D. Gathman
Next by Thread:	Re: Simple method to prevent cross-customer forgery on shared MTAs, Stuart D. Gathman
Indexes:	[Date] [Thread] [Top] [All Lists]