spf-discuss

Re: Re: Hole in spfmilter 0.95

2005-08-21 11:50:16
Frank Ellermann wrote:
> Daniel Taylor wrote:
>
>> EHLO j.random.example.org
>> MAIL FROM: "user@example.com"
>> RCPT TO: user@example.com
>>
>> [...]
>>
>> Lesson: make sure you validate your input.
>
> Yes, AFAIK that should be an SMTP syntax error for
> the MAIL FROM, and you'd never reach the second
> syntax error in RCPT TO, let alone any SPF tests.
>
> But MAIL FROM:<"user"@example.org> would be okay,
> that should also work for SPF tests (result NONE).

Yes, it should generate a syntax error on MAIL FROM:, but in the
fine tradition of accommodating broken senders most MTAs will accept
it. I am beginning to believe that simply tightening up MTAs so
that they will reject random garbage instead of trying to make
allowances for brokenness will do more for eliminating forgery
than SPF.

--
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        
(952)941-6580x203
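
Added example, not part of the original message and not spfmilter's code: a strict MAIL FROM check of the kind the thread argues for, rejecting the malformed command quoted above and accepting the quoted-local-part form before any SPF lookup sees the domain. The function name `parse_mail_from` is hypothetical, and the grammar is a narrowed reading of RFC 5321 (ASCII only, no source routes, no address literals).

```python
import re

# Narrowed RFC 5321 grammar: ASCII only, no source routes, no address literals.
ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
DOT_STRING = rf"{ATOM}(?:\.{ATOM})*"
QUOTED = r'"(?:[\x20-\x21\x23-\x5b\x5d-\x7e]|\\[\x20-\x7e])*"'
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DOMAIN = rf"{LABEL}(?:\.{LABEL})*"
MAILBOX = rf"(?P<local>{DOT_STRING}|{QUOTED})@(?P<domain>{DOMAIN})"
PARAM = r" [A-Za-z0-9][A-Za-z0-9-]*(?:=[\x21-\x3c\x3e-\x7e]+)?"
# "<" must follow the colon directly; "<>" is the null reverse-path.
MAIL_FROM = re.compile(rf"MAIL FROM:<(?:{MAILBOX})?>(?:{PARAM})*", re.I)


def parse_mail_from(line):
    """Return (local_part, domain), ("", "") for the null reverse-path,
    or None when the command should get a 501 syntax error."""
    m = MAIL_FROM.fullmatch(line.rstrip("\r\n"))
    if m is None:
        return None  # includes embedded CR/LF, missing brackets, stray spaces
    if m.group("domain") is None:
        return ("", "")
    local, domain = m.group("local"), m.group("domain").lower()
    if len(local) > 64 or len(domain) > 255:
        return None  # RFC 5321 size limits
    return (local, domain)


if __name__ == "__main__":
    # Constructed sample commands; the first two are the forms from the thread.
    samples = [
        'MAIL FROM: "user@example.com"',
        'MAIL FROM:<"user"@example.org>',
        "MAIL FROM:<>",
        "MAIL FROM:<user@example.com> SIZE=1000",
        "MAIL FROM:<user@example.com",
    ]
    for cmd in samples:
        parsed = parse_mail_from(cmd)
        if parsed is None:
            print(f"501 syntax error, no SPF check: {cmd!r}")
        else:
            print(f"250 ok, SPF domain {parsed[1]!r}: {cmd!r}")
```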