Re: [Asrg] Re: SPF abused by spammers

[Barry Shein <bzs at world.std.com>]

I will admit that I am *almost* beaten into the ground in pure
frustration by the lengthy verbiage and misinterpretations of the
questions but ONE MORE TIME...(I know I know it's all my fault.)

Can wanadoo.fr publish an SPF record allowing the PC which is
currently assigned the host name:

      ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr

to send mail claiming to be from:

      johndoe at ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr

I say they can and likely will, but more importantly that spammers who
grab such a host as a zombie can use this to send all the mail they
want past any SPF.



On September 14, 2004 at 01:17 hjp-asrg at hjp.at (Peter J. Holzer) wrote:
 > > Can't wanadoo.fr publish an SPF record allowing
 > > ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr to send email directly?
 > > 
 > > Not "are they likely to", or "it wouldn't seem to be in their best
 > > interest", but just: Can they or not?
 > 
 > They can not. 
 > 
 > They can publish an SPF record allowing
 > ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr to send mails with
 > a sender domain of wanadoo.fr directly (and probably lots of
 > other domains, too). They cannot publich an SPF record allowing
 > ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr to send mails with a
 > sender domain of ietf.org or hjp.at.

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg