spf-discuss
[Top] [All Lists]

Re: Explain please (Was: SPF Stats)

2005-07-06 09:37:23
On Wed, 2005-07-06 at 11:32 -0500, Daniel Taylor wrote:
If I get an e-mail from example.org fraudulently claiming to originate
from example.com that is forgery. That is what SPF is specifically
created to prevent.

It isn't forgery. It's no _more_ forgery than the letter you receive
with my home address on the back of it, which you might be shocked to
discover _actually_ came from your local post office.

Mail exchangers exchange mail. Film at 11.

If I get an e-mail from example.net that is a legitimate forward from
example.com that claims to be directly from example.com I cannot tell
the difference between the legitimate message and the above forgery.

Why do you claim that you cannot? There are many methods such as BATV,
DKIM, etc. which allow you to distinguish between the two.

One particular method is broken and cannot work for you. With that I
agree.

This is not a breakage of SPF, it is a natural consequence of the
situation, and ANY general solution to the problem of e-mail source
forgery is going to require changes on the part of forwarders. It is
simply unavoidable as long as forwarding is done using a technique
that is indistinguishable from forgery.

Any apart form the others.

-- 
dwmw2


<Prev in Thread] Current Thread [Next in Thread>