Mailing List Archive

Well the *idea* is that a company that implements spf checking would
deny this email at the gateway. It would never make it to the client.

-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Yannick Simon
Sent: Monday, October 04, 2004 5:21 PM
To: spf-help@v2.listbox.com
Subject: [spf-help] a newbie question

Hi every body

my question may be stupid
and i think it must have already been asked

googlemail, for instance, takes the "return-path"
email address (which may be different than the from address) in order to
process its spf filter

let's imagine that this return-path is "forged"
and the from address is fake ...

an example !

return-path : toto@spamer.com
from : billg@microsoft.com

in our usual email client, we'll see this email sent by
billg@microsoft.com, however, the return-path has been accepted by the
spf filter because this spamer (for phishing ...) has a record
.spamer.com in txt "all his smtp servers"

is spf a good solution so ?



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com


--------------------------------------------------------------------------------
This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
The views or context in this message may not reflect the view or context of the company.
--------------------------------------------------------------------------------



-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

It would not deny this email if spamer.com has no spf record or an spf
record that allows this mail.. (assuming that with return-path Yannick
meant the envelope from and with From : he meant the 2822 From: header..

And yes, this is a problem with SPF-Classic, which will be one of the
things Unified SPF will address..

the

On Mon, Oct 04, 2004 at 09:54:25PM -0400, Benjamin Zachary wrote:
> Well the *idea* is that a company that implements spf checking would
> deny this email at the gateway. It would never make it to the client.
>
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com] On Behalf Of Yannick Simon
> Sent: Monday, October 04, 2004 5:21 PM
> To: spf-help@v2.listbox.com
> Subject: [spf-help] a newbie question
>
> Hi every body
>
> my question may be stupid
> and i think it must have already been asked
>
> googlemail, for instance, takes the "return-path"
> email address (which may be different than the from address) in order to
> process its spf filter
>
> let's imagine that this return-path is "forged"
> and the from address is fake ...
>
> an example !
>
> return-path : toto@spamer.com
> from : billg@microsoft.com
>
> in our usual email client, we'll see this email sent by
> billg@microsoft.com, however, the return-path has been accepted by the
> spf filter because this spamer (for phishing ...) has a record
> .spamer.com in txt "all his smtp servers"
>
> is spf a good solution so ?
>
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your
> subscription, please go to
> http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
>
> --------------------------------------------------------------------------------
> This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
> The views or context in this message may not reflect the view or context of the company.
> --------------------------------------------------------------------------------
>
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

----- Original Message -----
From: "Koen Martens" <spf@metro.cx>
To: <spf-help@v2.listbox.com>
Sent: Tuesday, October 05, 2004 9:59 AM
Subject: Re: [spf-help] a newbie question


> It would not deny this email if spamer.com has no spf record or an spf
> record that allows this mail.. (assuming that with return-path Yannick
> meant the envelope from and with From : he meant the 2822 From: header..
>
> And yes, this is a problem with SPF-Classic, which will be one of the
> things Unified SPF will address..
>

Ok, please
consider that my company sends mail
with a subdomain for the return-path

like amazon.com
our e-mails are sent with
a from header "sender@domain.com"
but with a return-path "email_id@bounces.domain.com"

so, i hope Unified SPF will address this issue too

regards

Yannick


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Koen --

Is there a good site that previews the features proposed for Unified SPF?
I'd like to get a head start.

Thanks.

Serre Murphy
Net Fulfillment Technologies, Inc.

-----Original Message-----

>And yes, this is a problem with SPF-Classic, which will be one of the
>things Unified SPF will address..


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

On Mon, Oct 04, 2004 at 11:20:57PM +0200,
Yannick Simon <ysimon@intox.net> wrote
a message of 28 lines which said:

> my question may be stupid

No but is is well-known and have been thouroughly discussed. (Ignore
Benjamin Zachary's reply, which is completely false.)

> return-path : toto@spamer.com
> from : billg@microsoft.com
>
> in our usual email client, we'll see this email sent by
> billg@microsoft.com,

Yes, this is why the MARID Internet-Drafts strongly suggested that the
MUA (Eudora, mutt, pine) should display the authentified address as
well.

Also, there is not only detection by the end-user, there is also a
posteriori analysis of the fake and here, SPF helps a lot.

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Hi,

I don't think there is a site yet, as it is still in flux. Perhaps meng
has got some pretty pictures, all I know of is the set of old drafts in
http://spf.pobox.com/unified/

At this point, Mark is getting the SPF Classic spec ready for the IETF
first. After that we'll get back to unified I guess.

Koen

On Tue, Oct 05, 2004 at 10:03:27AM -0400, Serre Murphy wrote:
> Koen --
>
> Is there a good site that previews the features proposed for Unified SPF?
> I'd like to get a head start.
>
> Thanks.
>
> Serre Murphy
> Net Fulfillment Technologies, Inc.
>
> -----Original Message-----
>
> >And yes, this is a problem with SPF-Classic, which will be one of the
> >things Unified SPF will address..
>
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

Yannick Simon wrote:

> return-path : toto@spamer.com
> from : billg@microsoft.com

If that PASSes SPF, then a later bounce to toto won't hit an
innocent bystander. If it FAILs, because toto@spamer.com was
forged, then it doesn't reach your inbox. That's what SPF
does, it's not about phishing / social engineering / spam, it
is about forged bounce addresses (MAIL FROM, Return-Path).

Sender-ID (that's not the same as v=spf1) wants to do something
against phishing, but actually it doesn't work if you change a
single line in your example:

| resent-from : toto@spamer.com
| from : billg@microsoft.com
Bye, Frank


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com