On 2004-09-15 01:51:17 +0200, Markus Stumpf wrote: > On Wed, Sep 15, 2004 at 12:20:13AM +0200, Peter J. Holzer wrote: > > Why should they? No legitimate user would want to send mail as > > johndoe at ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr, because he will > > never be able receive an answer (assuming that this is an address in a > > dynamic address pool). The legitimate user will send want to send mail > > as johndoe at wanadoo.fr, or maybe johndoe at bordeaux.wanadoo.fr. > > Not quite right. > There is a big difference between 2821.MAILFROM and 2822.From. I can > fake the 2821.MAILFROM and use my correct 2822.From and everybody will > be able to answer using a MUA. Yes, but which MUA used by "normal" users does this? My point was that ISPs wouldn't post such SPF records because such records are of no use to (almost all) their legitimate users (Only work/cost for the provider, but no benefit). > > This allows to domain owner to prevent forgeries (or rather, allows the > > domain owner to publish information which will allow the recipient to > > recognize the forgery easily), which will reduce bounces and misguided > > complaints. > > And they all will have to learn that it is not sufficient to add SPF > records to the domain only. > What will happen (as per SPF) with emails sent with a sender address > user at www.your_domain > or how about > user at vishna.your_domain Nothing. There are no mail addresses of this form. Every mail to will either bounce with "Connection refused" or "550 no such user". > The really funny thing is that - as www.your_domain is a CNAME - > you cannot even add a SPF record for www.your_domain, as CNAMEs does not > allow other RRs for the same LHS. I could change the CNAME to an A record, or I could add the SPF record to asherah.my_other_domain. I just don't see the need. > So you cannot prevent forgery with SOF abusing www.your_domain. I don't need to. hp -- _ | Peter J. Holzer | Je höher der Norden, desto weniger wird |_|_) | Sysadmin WSR | überhaupt gesprochen, also auch kein Dialekt. | | | hjp at hjp.at | Hallig Gröde ist fast gänzlich dialektfrei. __/ | http://www.hjp.at/ | -- Hannes Petersen in desd
Attachment:
pgpTtChFA1l96.pgp
Description: PGP signature
_______________________________________________ Asrg mailing list Asrg at ietf.org https://www1.ietf.org/mailman/listinfo/asrg