spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[spf-discuss] Question about SPF1 on FROM: address

2006-03-16 02:54:34
from [Hector Santos] [Permanent Link] 
My sales address got this today in what looked like to be business
solicitation spam from an email marketer. It look like it was "personalized"
but it also had a PS: stating that if we don't want any more mail like this,
we should contact him. So with that I saw that as a "Business Spam" which we
get a lot for our sales address.

Here is the header:

MAIL.FROM: <n(_dot_)10262(_dot_)86418(_at_)email-newsletter-link(_dot_)com>
RCPT.TO: <sales(_at_)santronics(_dot_)com>
DATA:
Received: from mail166.email-newsletter-link.com ([8.6.240.166])
          by winserver.com (Wildcat! SMTP v6.1.451.7) with SMTP
          id 1626857296; Wed, 15 Mar 2006 15:04:41 -0500
Received-SPF: pass (winserver.com: domain of
           n(_dot_)10262(_dot_)86418(_at_)email-newsletter-link(_dot_)com
           designates 8.6.240.166 as permitted sender)
           receiver=winserver.com;
           client-ip=8.6.240.166;
           
envelope-from=n(_dot_)10262(_dot_)86418(_at_)email-newsletter-link(_dot_)com;
           helo=mail166.email-newsletter-link.com;
Date: Wed, 15 Mar 2006 15:02:42 -0500
From: "Manuel Carretero" <manuel(_dot_)carretero(_at_)stedb(_dot_)com>
To: sales(_at_)santronics(_dot_)com
Subject: newsletter?
MIME-Version: 1.0
X-Mailer: mef v8.3.2.5013.86418
Reply-To: r(_dot_)10262(_dot_)86418(_at_)email-newsletter-link(_dot_)com
Message-Id: 
<20060315150004(_dot_)pcyhsufosi(_at_)email-newsletter-link(_dot_)com>

This pass SPF for the email-newsletter-link.com which has a record of:

   v=spf1 mx ptr -all


Now the 2822.From: field has a stedb.com domain and an SPF record:

   v=spf1 mx -all

Notice the RESTRICTIVE -ALL usage in both cases.

The question is this:

If this person was to send mail directly using his stedb.com (2821 MAIL
FROM: was stedb.com) then it could only send mail from the MX machine:

     mail.stedb.com

which points to 8.6.240.21

In other words, he has declared that NO other machine should be sending mail
on behalf of the domain stedb.com.

So why should this email be accepted if the FROM: field has a Restrictive
SPF policy?

I ask because I am exploring rules where RESTRICTIVE policies are prevailing
.

If the stedb.com SPF record was NEUTRAL then I can understand better in
allowing this message to go thru.   But it is restrictive, and therefore we
have different rules here.

Comments?

2nd question:

How does Sender-ID/PRA make this different or how would it apply?

Is this an example of the "Conflict?" of SPF1 vs SPF2.0?  In other words,
what would Manuel do to make this SPF setup work right for this type of
"forwarding?"

Thanks

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com






-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Question about redirect syntax, Stuart D. Gathman
Next by Date:  Re: [spf-discuss] Question about SPF1 on FROM: address, Stuart D. Gathman
Previous by Thread:  [spf-discuss] SPF RR not totally useless for v=spf1, Stuart D. Gathman
Next by Thread:  Re: [spf-discuss] Question about SPF1 on FROM: address, Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]