spf-discuss

Re: Re: Problem with SID

2005-06-21 08:38:25
On Tue, Jun 21, 2005 at 04:31:14PM +0200, Frank Ellermann wrote:

It's the same "CYA" problem as one year ago, only the idea
that a bogus PASS might be less harmful than a bogus FAIL
was new (but incorrect).

 A connection from mail.spamhost.tld or any other server for
 that matter:

 Helo: victim.tld
 Mail from: <spammer@victim.tld>
 Rcpt to: <victim@hotmail.tld>
 Data
 ...
 ...
 From: <rude@xyzzy.claranet.tld>


RFC821 isn't checked.  Bounces, if any, will go to victim. There's
no protection available, unfortunately.

RFC822 is checked against SPF, and I do understand that this
is not how it SHOULD work.  However, where is the harm?

Either mail.spamhost.tld is allowed to say "xyzzy.claranet.tld"
or it isn't.  When would you allow a host to use this name in
RFC821 but not in RFC822?

And on and on and on, it's pretty basic to get the idea that
PRA and MAIL FROM are sometimes different.  As soon as that
is clear you can also construct bogus PRA-PASS results.  It
is abuse, everybody with an IQ near room temperature sees it.

Would that be Kelvin, degrees Celsius or degrees Fahrenheit?

This will do it, yeah.  Clear, concise.

Alex
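A worked illustration of the identity question in this exchange, added here and not part of Alex's or Frank's messages: the same connection is evaluated once on the RFC821 MAIL FROM domain (what SPF checks) and once on the RFC822 PRA domain (what Sender ID checks), against constructed SPF records for victim.tld and xyzzy.claranet.tld. The evaluator is a deliberately minimal one (only ip4 mechanisms and a final "all"), the IP addresses and records are made up, and the PRA selection follows the simplified header order Resent-Sender, Resent-From, Sender, From.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed SPF records for the domains in the example; not real DNS data.
SPF_RECORDS = {
    "victim.tld": "v=spf1 ip4:198.51.100.0/24 -all",
    "xyzzy.claranet.tld": "v=spf1 ip4:203.0.113.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, records=SPF_RECORDS):
    """Minimal SPF evaluator: walks ip4 mechanisms, then the final 'all'."""
    record = records.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"                         # no mechanism matched at all


def pra_domain(raw_message):
    """Pick the Purported Responsible Address domain from the RFC822 headers.

    Simplified order: Resent-Sender, Resent-From, Sender, From (first present).
    """
    msg = message_from_string(raw_message)
    for header in ("Resent-Sender", "Resent-From", "Sender", "From"):
        value = msg.get(header)
        if value:
            return parseaddr(value)[1].rsplit("@", 1)[-1].lower()
    return None


def evaluate(client_ip, mail_from, raw_message, records=SPF_RECORDS):
    """Evaluate the RFC821 and RFC822 identities separately and flag a split."""
    mail_from_domain = mail_from.rsplit("@", 1)[-1].lower()
    pra = pra_domain(raw_message)
    return {
        "mailfrom_domain": mail_from_domain,
        "mailfrom_result": check_spf(mail_from_domain, client_ip, records),
        "pra_domain": pra,
        "pra_result": check_spf(pra, client_ip, records),
        # Different domains in the two identities: the two checks can disagree.
        "identity_split": pra != mail_from_domain,
    }


# Constructed message body for the scenario described in the thread.
MESSAGE = (
    "From: <rude@xyzzy.claranet.tld>\r\n"
    "To: <victim@hotmail.tld>\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body\r\n"
)

if __name__ == "__main__":
    # mail.spamhost.tld is assumed to connect from 192.0.2.10 (constructed).
    print(evaluate("192.0.2.10", "spammer@victim.tld", MESSAGE))
```

With the records as written, neither domain authorises 192.0.2.10, so both identities fail and the two checks agree. Change only the xyzzy.claranet.tld record so that it lists the sender's network and the PRA check passes while the MAIL FROM check still fails: that is the situation in which the two RFC identities carry different results, and the identity_split flag is the cheap, defender-side signal that the two checks were not evaluating the same domain.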

