spf-discuss

Re: [spf-discuss] Re: Fixing Forwarding with RPF

2006-11-14 05:08:27
On Tue, Nov 14, 2006 at 10:58:55AM +0000, K.J. Petrie (Instabook) wrote:

> If I move house and ask the Post
> Office to send the mail on, you wouldn't say they were falsifying the origin
> of my mail, why is this any different?

1: You aren't the post office.
2: Email has no stamps

The analogy works if you:

- Receive a letter at your house
- change the "to" name into that of your office
- don't make other changes, including no new stamps
- post the letter as if it were an original one

You may get away with it for a while, but eventually the postal service
is going to stop this.

Sure, "return address"(email) and "stamps"(snailmail) aren't similar.  However,
this makes the return address more important, as that is where problems go so
that is where the cost is paid (labour).


> by which it reached me, why is it forgery to say it came from you, which it
> originally did?

Please understand the difference between "Author" (who wrote it, where did it
_originally_ come from) and "Sender" (who am I talking to _now_).

> If you didn't send it, and the return address really is
> forged, it only has a chance of bouncing to you if my ISP (foolishly) decides
> to bounce SPF fails, in other words if SPF IS checked.

1) Mail to petrie@forwarder.example, return address
   "forged@victim.example"
2) The forwarder changes "petrie@forwarder.example" into
   "pertii@instabook.example"
   and makes no other changes, then resends the message using
   MAIL FROM:<forged@victim.example>
3) instabook.example does not accept the message, because of the typo.
4) The forwarder sends the message "back" to forged@victim.example

The bounce is sent because SPF is NOT checked.

Now, with SPF verification:

1) Mail to petrie@forwarder.example, return address
   "forged@victim.example"
2) Forwarder notices a discrepancy between the sender's IP address and the
   SPF record at victim.example; thus forwarder rejects the message.
   The message is not accepted, there is no bounce to be generated.

Alex
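
The two scenarios in the message above, as a small simulation (an added example, not part of the original post). The SPF record, the IP addresses, the mailbox list and the reduced evaluator that handles only `ip4:` and `all` are assumptions made for illustration.

```python
import ipaddress

# Constructed SPF policy (hypothetical; a real one is a DNS TXT record).
SPF = {"victim.example": "v=spf1 ip4:192.0.2.0/24 -all"}
# Mailboxes that exist at the final destination (constructed).
MAILBOXES = {"petrie@instabook.example"}
QUALS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(client_ip, mail_from):
    """Reduced SPF evaluation: only the ip4: and all mechanisms are handled."""
    record = SPF.get(mail_from.rsplit("@", 1)[1])
    if record is None:
        return "none"
    addr = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        result = QUALS.get(term[0], "pass")          # default qualifier is "+"
        mech = term[1:] if term[0] in QUALS else term
        if mech == "all":
            return result
        if mech.startswith("ip4:") and addr in ipaddress.ip_network(mech[4:]):
            return result
    return "neutral"

def forward(client_ip, mail_from, new_rcpt, check_spf):
    """Events produced by a forwarder that keeps the original MAIL FROM."""
    if check_spf and spf_check(client_ip, mail_from) == "fail":
        # Refused inside the SMTP session: nothing was accepted, so the
        # forwarder has no message to bounce.
        return ["550 rejected at forwarder (SPF fail)"]
    events = ["250 accepted by forwarder"]
    if new_rcpt in MAILBOXES:
        events.append(f"delivered to {new_rcpt}")
    else:
        # Destination refuses the rewritten recipient; the forwarder now owns
        # the message and bounces to the (forged) return address.
        events.append(f"550 from destination: no such user {new_rcpt}")
        events.append(f"bounce sent to {mail_from}")
    return events

if __name__ == "__main__":
    for check in (False, True):
        print("SPF checked at forwarder:", check)
        for event in forward("203.0.113.9", "forged@victim.example",
                             "pertii@instabook.example", check):
            print("   ", event)
```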
