Mailing List Archive

Use of exists mechanism in SPF
Hi,

Isn't an MTA prone to forgery if they use 'exists' mechanism?

For example, say 'foo.com' domain implements 'exists' mechanism with an SPF record 'v=spf1 exists:foo.com -all'. Can't an email forger send from any arbitrary IP address and say MAIL From: ceo@foo.com ?

Essentially, how is the MTA itself validated when 'exists' is used?

I must be missing something here.. what is it?

thanks a lot,

Murthy Gorty.








-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: Use of exists mechanism in SPF
Murthy Gorty wrote:

> 'foo.com' domain implements 'exists' mechanism with an SPF
> record 'v=spf1 exists:foo.com -all' Can't an email forger
> send from any arbitrary IP address and say MAIL From:
> ceo@foo.com ?

Yes. The 'exists' mechanism makes more sense with macros.
e.g. "-exists:%{ir}.bl.spamcop.net" would be "IP not listed
by spamcop.net". Still dubious, but there are also some
white lists organized in this way (bondedsender etc.)

You could also create a list of all users, and macros could
then check the existence of the local parts. Bye, Frank
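
The difference between a bare `exists:foo.com` and a macro-based `exists`, as an added example that is not part of the original thread: it expands a subset of SPF macros and evaluates records against a constructed in-memory zone instead of real DNS. The `_spf.foo.com` naming scheme and the zone contents are assumptions made for illustration.

```python
import re

# Constructed zone data standing in for DNS A records (no real lookups).
ZONE = {
    "foo.com": "192.0.2.10",                     # foo.com itself has an A record
    "25.2.0.192.ceo._spf.foo.com": "127.0.0.2",  # hypothetical: ceo may send from 192.0.2.25
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def expand(domain_spec, ip, sender):
    """Expand a subset of SPF macros: s, l, o, d, i with the optional
    'r' (reverse) transformer. IPv4 only; %{d} is taken to be the sender
    domain (no include/redirect handling)."""
    local, _, dom = sender.partition("@")
    values = {"s": sender, "l": local, "o": dom, "d": dom, "i": ip}

    def repl(match):
        parts = values[match.group(1)].split(".")
        if match.group(2):
            parts.reverse()
        return ".".join(parts)

    return re.sub(r"%\{([slodi])(r?)\}", repl, domain_spec)

def check_exists(domain_spec, ip, sender, zone=ZONE):
    """'exists' matches when the expanded name has any A record. The
    client IP only matters if a macro puts it into the looked-up name."""
    return expand(domain_spec, ip, sender).lower() in zone

def evaluate(record, ip, sender, zone=ZONE):
    """Evaluate a record made only of 'exists' and 'all' terms."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = term[0] if term[0] in RESULTS else "+"
        mech = term[1:] if term[0] in RESULTS else term
        if mech == "all":
            return RESULTS[qual]
        if mech.startswith("exists:") and check_exists(mech[7:], ip, sender, zone):
            return RESULTS[qual]
    return "neutral"  # no term matched

if __name__ == "__main__":
    forged_ip = "203.0.113.99"  # constructed address, not authorised anywhere
    for rec in ("v=spf1 exists:foo.com -all",
                "v=spf1 exists:%{ir}.%{l}._spf.foo.com -all"):
        print(rec, "->", evaluate(rec, forged_ip, "ceo@foo.com"))
```
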

