spf-discuss

Re: Explain please

2005-07-08 07:10:56
In <1120828486(_dot_)19467(_dot_)519(_dot_)camel(_at_)hades(_dot_)cambridge(_dot_)redhat(_dot_)com> David Woodhouse <dwmw2(_at_)infradead(_dot_)org> writes:

> On Fri, 2005-07-08 at 14:52 +0200, Julian Mehnle wrote:
>> Forwarding without sender rewriting is a bad thing because it cannot be
>> distinguished from regular envelope sender forgery.
>
> [snip]
>
> Forwarding without sender rewriting _can_ be distinguished from regular
> envelope forgery; it's just that _SPF_ cannot achieve that task.
>
> However, BATV/SES and DKIM _can_ tell forgery from forwarded mail.

While ABBS/SES/BATV can distinguish envelope from forgery from
forwarding, DK, IIM and DKIM cannot.  All of these systems are
vulnerable to the replay problem.


> You can see it in action if you like. Try forging a mail from me to
> anywhere that bothers with SMTP callouts.

Many people consider SMTP callbacks to be abusive.


-wayne
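
An added illustration, not part of the thread and not any project's code: it compares an SPF-style host check with a signed envelope sender for direct, forwarded, forged and replayed mail. The key, addresses, day numbers and function names are constructed, and the tag layout is a simplified BATV-style scheme, not the exact wire format of any of the proposals named above.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data: documentation address ranges and a made-up key.
SPF_AUTHORIZED = [ipaddress.ip_network("192.0.2.0/24")]  # hosts example.org permits
KEY = b"constructed-demo-key"  # known only to example.org's own mail servers
LIFETIME = 7  # days a signed envelope sender stays valid

def spf_pass(client_ip):
    """Receiver-side check: may this host send for the envelope sender's domain?"""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in SPF_AUTHORIZED)

def _mac(prefix, mailbox):
    return hmac.new(KEY, (prefix + mailbox).encode(), hashlib.sha1).hexdigest()[:6]

def sign_sender(mailbox, today):
    """Simplified BATV-style tag: key number, expiry day (mod 1000), short HMAC."""
    prefix = f"0{(today + LIFETIME) % 1000:03d}"
    return f"prvs={prefix}{_mac(prefix, mailbox)}={mailbox}"

def verify_sender(address, today):
    """Origin-side check (bounce or callout): did we issue this sender, unexpired?"""
    if not address.startswith("prvs="):
        return False
    tag, _, mailbox = address[5:].partition("=")
    if len(tag) != 10 or not tag[1:4].isdecimal():
        return False
    if not hmac.compare_digest(tag[4:].encode(), _mac(tag[:4], mailbox).encode()):
        return False
    return (int(tag[1:4]) - today) % 1000 <= LIFETIME

def classify(client_ip, envelope_sender, today):
    return {"spf": spf_pass(client_ip), "signed": verify_sender(envelope_sender, today)}

DAY = 120  # constructed day number
SIGNED = sign_sender("alice@example.org", DAY)
direct = classify("192.0.2.10", SIGNED, DAY)                # sent by an authorized host
forwarded = classify("198.51.100.7", SIGNED, DAY)           # forwarder kept the sender
forged = classify("203.0.113.9", "alice@example.org", DAY)  # forger has no key
replayed = classify("203.0.113.9", SIGNED, DAY + 3)         # copied tag, still valid
expired = classify("203.0.113.9", SIGNED, DAY + 8)          # same tag after expiry
```

The host check gives the same failing result for the forwarded and the forged message, the signed sender separates them, and a copied tag keeps validating from any host until its expiry day passes.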