eBay forges the From address. Here is a sample header I used to test with. This is pure forgery. Therefore, eBay will be broken after July 4th 2004 if they elect not to fix this issue.
Return-path: <auctions@cyberglobe.net>
X-Reverse-Lookup: by ms-rrdns (v0.6); Found 4 IPs: Good=3 Bad=0 Private=1
66.193.107.30 = 66-193-107-30.gen.twtelecom.net
66.193.107.95 = 66-193-107-95.gen.twtelecom.net
66.135.197.13 = mxpool07.ebay.com
10.6.61.30 = Private.Block[RFC-1918]
Received: from smtp30.newbytes.net (66-193-107-30.gen.twtelecom.net [66.193.107.30]) by cyberglobe.net
(Rockliffe SMTPRA 5.2.5) with ESMTP id <B0013031335@www.cyberglobe.net> for <auctions@cyberglobe.net>;
Sun, 5 Oct 2003 12:40:51 -0400
Received: from mx5.newbytes.net ([66.193.107.95])
by smtp30.newbytes.net with esmtp (SpamSlayer 3.0)
id 1A6BsP-000KsD-02
for auctions@cyberglobe.net; Sun, 05 Oct 2003 09:36:57 -0700
Received: from mxpool07.ebay.com ([66.135.197.13] helo=mx13.sjc.ebay.com)
by mx5.newbytes.net with esmtp (SpamSlayer 2.0)
id 1A6Bs3-0006EA-00
for auctions@cyberglobe.net; Sun, 05 Oct 2003 09:36:35 -0700
Received: from cellphone.sjc.ebay.com (cellphone.sjc.ebay.com [10.6.61.30])
by mx13.sjc.ebay.com (8.12.3/8.12.3) with SMTP id h95GaP01012220
for <auctions@cyberglobe.net>; Sun, 5 Oct 2003 09:36:25 -0700
Message-Id: <200310051636.h95GaP01012220@mx13.sjc.ebay.com>
To: auctions@cyberglobe.net
From: auctions@cyberglobe.net
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Subject: Question from eBay Member
Date: Sun, 05 Oct 2003 09:36:25 PDT
X-SS-01: 66.135.197.13
X-SS-02: mxpool07.ebay.com
X-SS-03: mx13.sjc.ebay.com
X-SS-04: mxpool07.ebay.com ([66.135.197.13] helo=mx13.sjc.ebay.com)
X-SS-05: auctions@cyberglobe.net
X-SS-06:
X-SpamSlayer: 1210
Rudy K.
----- Original Message -----
From: "David Saez" <david@ols.es>
To: <spf-discuss@v2.listbox.com>
Sent: Monday, October 06, 2003 10:16 AM
Subject: Re: [spf-discuss] Concerns about SPF and ebay messages
> Hi !!
>
> > > > I have read up about SPF and I have a concern with eBay messages. I know
> > > > that eBay forges the headers to show that the sender is the from address.
> > > > I also know that once SPF goes full Deny, how will eBay be able to send
> > > > these messages again?
> > >
> > > without any problem, eBayonly forges the headers, not the envelope sender
> > > which is what spf tests.
> >
> > Are you sure about that? I saw a SPF-based failure on Sep 29th.
> > 2003-09-29 11:11:06 1A42UC-0008Sj-JE H=mxpool07.ebay.com (mx13.sjc.ebay.com) [66.135.197.13] F=<email@address.com> rejected after DATA: Not authorized by SPF
> > (I changed the email address for privacy reasons).
>
> well, I really don't know what eBay is doing but all mailing list software I
> know uses as the envelope sender the mailing list address or some kind of verp
> that belong to the same domain as the mailing list.
>
> --
> Best regards ...
>
> Discoveries are made by not following instructions.
>
> ----------------------------------------------------------------
> David Saez Padros http://www.ols.es
> On-Line Services 2000 S.L. e-mail david@ols.es
> Pintor Vayreda 1 telf +34 902 50 29 75
> 08184 Palau-Solita i Plegamans movil +34 670 35 27 53
> ----------------------------------------------------------------
>
> -------
> Sender Permitted From: http://spf.pobox.com/
> Archives at http://archives.listbox.com/spf-discuss/current/
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname@½§Åv¼ð¦çš2b¥yÈbox.com
>
-------
Sender Permitted From:
http://spf.pobox.com/ Archives at
http://archives.listbox.com/spf-discuss/current/ To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname@½§Åv¼ð¦¾Øß´ëù1Ií-»Fqx.com