johnp wrote:
So - if you have an account with this ISP it would appear that you can
happily spoof any domain you like, and you don't need a username or
password - just pop before smtp (presumably). I suppose the next
thing will be complaints from the customer when his mails are rejected
by SPF because his ISP is not included in the spf record?
Can anyone see anything right about this arrangement - or am I
blinkered/stupid?
While not right, I can easily believe it. I recently worked for a CLEC
that did the same thing - in 32 continental US cities. No pop before
smtp either. Quite commonplace apparently. As long as you're on that
company's network, you've got a nice open-relay.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com