spf-discuss

Re: [spf-discuss] Re: "pretend" MAIL FROM

2007-03-13 09:53:26
On Tue, 13 Mar 2007, Frank Ellermann wrote:

check SPF for randomdomain.com, you check SPF as if the MAIL FROM was:
 
MAIL FROM: <postmaster@myforwarder.com>
 
instead.

If that gets a pass, then you know the mail was forwarded (and SPF
checking on the actual MAIL FROM is useless).

I'd call that "white listing based on a HELO PASS" instead of some
"pretended MAIL FROM".  The latter is fine to explain the concept
of SPF checks in the case of an empty MAIL FROM.  But in your case
the MAIL FROM isn't empty.

Except it is *not* HELO, but the original rcpt to domain.

A -> user@forwarder.com -> final@receiver.com
                           Checks for PASS on forwarder.com
                           (HELO is something else like mx19.forwarder.com,
                            with no easy way to list them all)

If myforwarder.com doesn't actually have an SPF record, then some
SPF libraries (e.g. pyspf) will allow you to supply a substitute
that you figure out and maintain yourself.

Is that something like a "wannabe-white list" for forwarders, adding
a "best guess" policy "v=spf1 a ?all" (or similar) for their HELO ?

It is a local private repository of SPF records for senders that are
too lazy or backwards to do their own.  I put my list in DNS where it
is accessible to all my clients.  The SPF records are constructed by
observing where they send legit mail from and guessing.  It is not 
authoritative, and is labor intensive, but it gets the mail through for
lazy/backward senders that get forged a lot.  (I personally would
not mind just rejecting their misconfigured mail, but my clients think
differently.)

For example, if _spf.example.com is a private substitute SPF repository,
then when SPF result for somesender.com is None, pyspf looks for an SPF
record at somesender.com._spf.example.com and uses that instead of
the default "best guess" policy if found.  It is basically customized best
guess policies.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
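
The lookup order described in the message above, as an added example that is not part of the original post and is not pyspf's own code. The `TXT` table stands in for DNS, all domains and addresses in it are constructed sample values, the function names are hypothetical, and only the `ip4:` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed TXT data standing in for DNS; every name and address is a sample value.
TXT = {
    "published.example": "v=spf1 ip4:192.0.2.0/24 -all",
    # Locally maintained substitute for a sender that publishes no SPF record.
    "somesender.com._spf.example.com": "v=spf1 ip4:198.51.100.0/24 ?all",
}
SUBSTITUTE_ZONE = "_spf.example.com"  # private repository zone named in the message
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def find_policy(domain):
    """Return (record, source); source is 'published', 'substitute' or None."""
    domain = domain.lower().rstrip(".")
    rec = TXT.get(domain)
    if rec and rec.split()[0] == "v=spf1":
        return rec, "published"
    # Consulted only when the sender's own lookup would give a None result.
    rec = TXT.get(f"{domain}.{SUBSTITUTE_ZONE}")
    if rec and rec.split()[0] == "v=spf1":
        return rec, "substitute"
    return None, None

def evaluate(record, ip):
    """Evaluate ip4: and all only; other mechanisms are skipped (simplification)."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith("ip4:") and addr in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qual]
    return "neutral"

def check(domain, ip):
    """Return (result, source) so callers can tell a guessed policy from a published one."""
    record, source = find_policy(domain)
    if record is None:
        return "none", None
    return evaluate(record, ip), source

if __name__ == "__main__":
    for dom, ip in [("published.example", "192.0.2.10"),
                    ("somesender.com", "198.51.100.7"),
                    ("somesender.com", "203.0.113.5")]:
        print(dom, ip, check(dom, ip))
```

Returning the source alongside the result lets a receiver log or weight a substitute-derived pass differently from one based on the sender's own record, since the substitute is not authoritative.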
