
Re: [spf-discuss] Re: SPF queries by a newbie

2006-11-13 07:36:17
Hi Julian,

Thanks for your reply with all the information.

[...]
Is my understanding correct, in that if all domains had SPF records set
in the DNS fields this would prevent fraudulent spam.

Not entirely.  See the green boxes on 
http://new.openspf.org/SPF_vs_Sender_ID

SPF (v1) protects only the envelope sender address, not the "From" or
"Sender" headers.  The envelope sender address is not usually displayed by 
mail clients, only the "From" and "Sender" headers are.  So SPFv1 cannot 
protect against forged sender addresses in the message header.

The envelope sender address is not used for informing the end user but only 
for the purpose of transporting the message on the internet and sending 
delivery error messages.  Thus SPFv1 really only protects you against 
wrongly addressed delivery error messages.

Microsoft's Sender ID aims to protect the sender address in the message 
header, but fails to actually do so for somewhat complicated reasons.  The 
SPF project is planning on working on another revision of SPF, SPFv3, 
starting some time next year, which will hopefully be a more intelligent 
successor to SPFv1 than Sender ID is.

I had hoped for a way to stop me getting spam, but it sounds like a spammer
just needs to set up their SPF record for their envelope sender address,
and then put the fake From address in place to still be able to spam.

And then what happens if their envelope-sender address is just going to
/dev/null? Have they really lost anything? And what if the envelope
address isn't even a valid email address...?  I assume they can put
anything in there if they control the SMTP server with the correct SPF
record.  Do emails in that case bounce back somewhere (if the
spammer@his-host.com envelope-sender doesn't actually accept email)?

Could mail servers also check the From: address using the SPF record?

Is my understanding correct, in that all mail servers which are relaying
the email to the final POP account etc have to read all the Received:
lines in the header, pick out the last line and check that that machine
is authorised on the SPF record of the envelope sender (MAIL FROM) ?

But it would still mean that spammers could have accurate SPF records for
their domains and then send spam from those domains?

Yes, by definition.  This applies to _any_ domain-based sender policy 
scheme, including any potential SPF successors.

Ah, OK. My ISP, easily.co.uk, had indicated SPF would solve the problem of
me receiving spam.

I could also see a potential problem where a spammer has a compromised
machine on a Tiscali ADSL connection, he looks up from his list the email
domains which can send email from smtp.tiscali.co.uk and inserts
user@tiscali.co.uk in the MAIL FROM field. Would that defeat the
protection SPF provides?

No.  If the domain "tiscali.co.uk" authorizes the compromised system's IP 
address to send mail using that domain, then SPF works as advertised.  SPF 
is not a virus scanner.

I wonder if there is a complete solution to spam, which checks upon
connection to the MX and does Reject 554 at the SMTP level if certain
checks fail before the email ever really enters the MX proper?

The only solution to prevent one Tiscali-connected machine sending spam
as any Tiscali customer would be their own email server as far as I can
see... [...]

No domain should ever authorize an ISP's entire IP address range (dial-up 
or otherwise).  End-user machines are not supposed to send mail to 
recipient MTAs directly.  Such mail should always be channeled through an 
ISP/ESP's or user's dedicated smarthost mail servers, and only those mail 
servers should be listed in any domain's SPF record.

I think the point I was trying to make got a bit lost.  If a zombie PC
can send email via the tiscali.co.uk single authorised server,
smtp.tiscali.co.uk, without that ISP checking which users are authorised
from which of their customer IP addresses, then I could still suffer
bounces from a zombie PC which also had an ADSL connection with Tiscali.

My understanding is that the envelope sender address is stored in the
Return-Path: field when it is finally delivered?

Thanks again for replying with the information.

Kind regards
Jon

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735
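The thread above turns on three points: SPFv1 is evaluated by the receiving MX at connection time against the connecting IP and the MAIL FROM domain (not by walking Received: lines), the header From: is not covered by that check, and the envelope sender is what ends up in Return-Path: on final delivery. The following is an added illustration written for this archive page, not code from Julian, Jon or the SPF project. It assumes a constructed, in-memory "DNS zone" with made-up .test domains and documentation IP ranges instead of real lookups, and models only the ip4 and all mechanisms; the function names (check_spf, evaluate_message, finalize_for_delivery) are hypothetical.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups (assumption: no real resolver is used).
SPF_ZONE = {
    "example-bank.test": "v=spf1 ip4:192.0.2.10 -all",
    "bulk-sender.test": "v=spf1 ip4:198.51.100.0/24 -all",
    "soft.test": "v=spf1 ip4:203.0.113.5 ~all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def domain_of(address):
    """Return the lower-cased domain part of an address (empty for the null sender)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def check_spf(client_ip, mail_from):
    """Minimal SPFv1 evaluation: the *connecting* IP is tested against the
    record of the MAIL FROM (envelope sender) domain. Only ip4 and all
    mechanisms are modelled; anything else is skipped (assumption)."""
    record = SPF_ZONE.get(domain_of(mail_from))
    if record is None:
        return "none"
    terms = record.split()
    if terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue  # a, mx, include, ... not modelled here
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # no mechanism matched and no 'all' term


def evaluate_message(client_ip, mail_from, raw_message):
    """What a receiving MX can know at SMTP time: the SPF verdict on the
    envelope sender, plus whether the displayed From: domain even matches
    the envelope domain. SPFv1 itself never looks at From:, which is why
    a passing message can still carry a forged header address."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    env_domain = domain_of(mail_from)
    from_domain = domain_of(from_addr)
    return {
        "spf": check_spf(client_ip, mail_from),
        "envelope_domain": env_domain,
        "from_domain": from_domain,
        "aligned": bool(from_domain) and from_domain == env_domain,
    }


def finalize_for_delivery(client_ip, mail_from, raw_message):
    """On final delivery the MTA records the envelope sender as Return-Path:
    and its SPF verdict as Received-SPF:, prepended to the stored message."""
    verdict = check_spf(client_ip, mail_from)
    header = (
        f"Return-Path: <{mail_from}>\n"
        f"Received-SPF: {verdict} (client-ip={client_ip}; envelope-from={mail_from})\n"
    )
    return header + raw_message


if __name__ == "__main__":
    # Constructed sample: envelope domain authorizes the sending IP, but the
    # visible From: names a different domain. SPF passes; alignment does not.
    sample = "From: Alice <alice@example-bank.test>\nSubject: hello\n\nbody\n"
    print(evaluate_message("198.51.100.77", "news@bulk-sender.test", sample))
    print(finalize_for_delivery("198.51.100.77", "news@bulk-sender.test", sample))
```

The "aligned" field is the extra check a receiver can layer on top of SPFv1 (DMARC later standardised this idea): treat a message whose From: domain differs from the SPF-authenticated envelope domain as unauthenticated for display purposes, instead of reading the SPF pass as a statement about the header.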