spf-discuss
[Top] [All Lists]

Re: [spf-discuss] not sure how this is happening[Scanned]

2006-01-27 07:02:26
On Fri, Jan 27, 2006 at 02:30:22PM +0100, Arjen de Korte wrote:

In general SPF is workiing well, but recently one of our users has been
receiving spam, apparently from himself.

I may have missed something here, but I don't recall that the OP mentioned
<user(_at_)analox(_dot_)net> in MAIL FROM. In fact, I very much doubt that it 
was
used in the transmission of this mail. The vast majority of imposters is
using someone else's domain name.

You have, indeed, missed something.  Of course, "user" is just
a placeholder for the real, non-disclosed, username.

However, it could be a case of some random name in RFC821 "MAIL FROM"
and the specified user in RFC822 "From:", I grant you that.

This is where senderID, should it work, would work and SPF not.

Does this program verify "mail from" and "helo" ?  If so, it is doing
a lousy job.

Not neccessarily. Many SPF implementations will not check HELO if a
non-empty MAIL FROM is present (including Mail::SPF::Query).

If it does not check HELO, then my "Does this...?" question is not
acknowledged hence the remark is not applicable.

Alex

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com