Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SPF>
  3. Help
Emailing via my mobile phone.
lists at clifford
Aug 9, 2004, 4:24 PM
Post #1 of 6 (3055 views)
Permalink
Hi,

I can email using my phone or my Psion via my phone using GPRS. Orange do
not support SPF so I guess an "include" for Orange is not much use.

Below I have included the headers of a message sent via my phone, using
smtp.orange.net as the outgoing server. I seem to have received it,
though, from sprite.orange.co.uk. I don't suppose I can use my own
mailserver as it would object to relaying from what it would think as
being random sources.

I think I need to set up to allow email from @clifford.ac if it is sent
from anything.orange.co.uk, using the macro facility but I am finding it a
bit incomprehensible at the moment. Am I thinking along the right lines?



My current spf is:

clifford.ac. IN TXT "v=spf1 a mx ptr ip4:217.169.19.0/29
?exists:spfmonitor.clifford.ac ~all"


(the spfmonitor is to give me an entry in my log file)



<----------- test email via mobile 'phone ----------------->
Return-Path: <alan@clifford.ac>
Received: from sprite.orange.co.uk ([193.36.79.39])
by mundungus.clifford.ac (8.12.9/8.12.9) with ESMTP id
i53NQ8RF021190
for <alan@clifford.ac>; Fri, 4 Jun 2004 00:26:08 +0100
Received: from [172.23.233.8] (crusherouter.orange.co.uk [193.35.129.169])
by sprite.orange.co.uk (iPlanet Messaging Server 5.2 (built Feb 21 2002))
with SMTP id <0HYR00JIRAE7VJ@sprite.orange.co.uk> for alan@clifford.ac;
Fri,
04 Jun 2004 00:25:32 +0100 (BST)
Date: Fri, 04 Jun 2004 00:25:16 +0000
From: Alan Clifford <alan@clifford.ac>
Subject: test fromphone to alan
To: alan@clifford.ac
Reply-to: Alan Clifford <alan@clifford.ac>
Message-id: <BWrkX2gPLqvg.bXVT69g3@smtp.orange.net>
X-Mailer: EPOC Email Version 2.00
Content-transfer-encoding: 7BIT
X-MARP-Status: checked (21876)

test


<----------- test email via mobile 'phone ----------------->





--
Alan


( Please do not email me AS WELL as replying to the list. Please
address personal email to alan+1@ as lists@ is not read. A
password autoresponder may be invoked if this email is very old. )

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: Emailing via my mobile phone. [ In reply to ]
spf at metro
Aug 10, 2004, 4:31 AM
Post #2 of 6 (3009 views)
Permalink
Hi,

On Tue, Aug 10, 2004 at 12:24:16AM +0100, Alan Clifford wrote:
> I can email using my phone or my Psion via my phone using GPRS. Orange do
> not support SPF so I guess an "include" for Orange is not much use.

Maybe the can be convinced? (i'm being optimistic here ;)

> Below I have included the headers of a message sent via my phone, using
> smtp.orange.net as the outgoing server. I seem to have received it,
> though, from sprite.orange.co.uk. I don't suppose I can use my own
> mailserver as it would object to relaying from what it would think as
> being random sources.

Hmm, and I guess connecting to your smtp server using smtp-auth is out of the question too? This is the normal solution for the problem of 'mobile' email senders.

> I think I need to set up to allow email from @clifford.ac if it is sent
> from anything.orange.co.uk, using the macro facility but I am finding it a
> bit incomprehensible at the moment. Am I thinking along the right lines?

Well, there's also the ptr mechanism, which will result in a series of dns lookups. Example: 'ptr:orange.co.uk'. First, the spf checking host will query for the PTR record for the ip that is connecting. Then it will check if any of these end in orange.co.uk, and for those that do it will request the A records and see if any of these match the connecting ip.

You might also consider some form of remailing. Eg, you send your mail to a script on your machine, using some secret or something that is unique for messages sent from your phone to see if the mail should be forwarded to the final recipient. However, there doesn't seem to be something like that in your example mail, so it would have to be a secret you have to enter for each mail. Not very practical..

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
RE: Emailing via my mobile phone. [ In reply to ]
spf at kitterman
Aug 10, 2004, 5:53 AM
Post #3 of 6 (3018 views)
Permalink
> -----Original Message-----
> From: owner-spf-help@v2.listbox.com
> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Koen Martens
> Sent: Tuesday, August 10, 2004 7:32 AM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] Emailing via my mobile phone.
>
>
> Hi,
>
> On Tue, Aug 10, 2004 at 12:24:16AM +0100, Alan Clifford wrote:
> > I can email using my phone or my Psion via my phone using GPRS.
> Orange do
> > not support SPF so I guess an "include" for Orange is not much use.
>
> Maybe the can be convinced? (i'm being optimistic here ;)
>
> > Below I have included the headers of a message sent via my phone, using
> > smtp.orange.net as the outgoing server. I seem to have received it,
> > though, from sprite.orange.co.uk. I don't suppose I can use my own
> > mailserver as it would object to relaying from what it would think as
> > being random sources.
>
> Hmm, and I guess connecting to your smtp server using smtp-auth
> is out of the question too? This is the normal solution for the
> problem of 'mobile' email senders.
>
> > I think I need to set up to allow email from @clifford.ac if it is sent
> > from anything.orange.co.uk, using the macro facility but I am
> finding it a
> > bit incomprehensible at the moment. Am I thinking along the
> right lines?
>
> Well, there's also the ptr mechanism, which will result in a
> series of dns lookups. Example: 'ptr:orange.co.uk'. First, the
> spf checking host will query for the PTR record for the ip that
> is connecting. Then it will check if any of these end in
> orange.co.uk, and for those that do it will request the A records
> and see if any of these match the connecting ip.
>
> You might also consider some form of remailing. Eg, you send your
> mail to a script on your machine, using some secret or something
> that is unique for messages sent from your phone to see if the
> mail should be forwarded to the final recipient. However, there
> doesn't seem to be something like that in your example mail, so
> it would have to be a secret you have to enter for each mail. Not
> very practical..
>
> Koen
>
Another option you have is to send yourself a number of e-mails and see what
IP address range they come out of. It looks to me like the relevant header
is:

> > Received: from sprite.orange.co.uk ([193.36.79.39])
> > by mundungus.clifford.ac (8.12.9/8.12.9) with ESMTP id
> > i53NQ8RF021190

If the received header always has the same IP address, you can just add it
to your SPF record:

IP4:193.36.79.39

If you get a range of IP addresses, then you'll just have to take a guess at
the CIDR range involved.

One other thought...

There are no doubt a large number of other users sending through
sprite.orange.co.uk. Do you want all of them to be considered authentic
senders for your domain? You might want to consider using ?IP4:193.36.79.39
instead to avoid any risk of a forged e-mail getting an SPF pass (this is
especially true if you end up with a CIDR range and you aren't sure of all
the IP addresses in the range).

Scott Kitterman

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
RE: Emailing via my mobile phone. [ In reply to ]
michael at i-magery
Aug 10, 2004, 6:15 AM
Post #4 of 6 (2984 views)
Permalink
I think that this (e-mail from cell phones) is a perfect example of SPF
being no use at all. There are quite a number of scenarios where mail
clients dynamically connect to the internet via ISPs that require you to use
their SMTP servers and do not allow port 25 traffic. I am *not* going to
add SPF records to DNS for every corporate Tom, Dick and Harry that asks for
it, DNS is not something to be constantly trifled with as if it were a
whitelist. Also, I am not adding large ISPs that have dynamic clients
because that's where the spam comes from.

SPF looks like a semi-useful tool, but it is not a be-all end-all. I will
slightly penalize the mail that comes in from sources that are incorrectly
authenticated by SPF, slightly reward those who have proper SPF IDs, and
utterly ignore the domains that do not have SPF implemented.

I am not giving the SPF test much weight at all in the grand scheme of
things and am dancing to the tune only because I don't want my customers'
mail penalized by overzealous mail admins who do.

-- Michael Cummins


-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
Re: Emailing via my mobile phone. [ In reply to ]
lists at clifford
Aug 10, 2004, 2:56 PM
Post #5 of 6 (3008 views)
Permalink
On Tue, 10 Aug 2004, Koen Martens wrote:

KM> On Tue, Aug 10, 2004 at 12:24:16AM +0100, Alan Clifford wrote:
KM> > I can email using my phone or my Psion via my phone using GPRS.


KM>
KM> Maybe the can be convinced? (i'm being optimistic here ;)
KM>

Ha, an email exchange with Orange convinced me that they were not
interested.


KM> Hmm, and I guess connecting to your smtp server using smtp-auth is out
KM> of the question

The 'phone won't do it. There is a mail client for the Psion 5x
downloadable from Japan I seem to remember.


KM> Well, there's also the ptr mechanism, which will result in a series of
KM> dns lookups. Example: 'ptr:orange.co.uk'. First, the spf checking host
KM> will query for the PTR record for the ip that is connecting. Then it
KM> will check if any of these end in orange.co.uk, and for those that do
KM> it will request the A records and see if any of these match the
KM> connecting ip.

It gets worse. A lookup of the orange ip in the email results in
NXDOMAIN.


KM> You might also consider some form of remailing. Eg, you send your mail
KM> to a script on your machine, using some secret or something that is
KM> unique for messages sent from your phone to see if the mail should be
KM> forwarded to the final recipient. However, there doesn't seem to be
KM> something like that in your example mail, so it would have to be a
KM> secret you have to enter for each mail. Not very practical..
KM>

I could use, say

to: "koen@example.com"@subdomain.clifford.ac

from the phone and unmangle it a remailing script with mail from
subdomain limited to orange servers. Too many hoops for me I'm afraid.


--
Alan


( Please do not email me AS WELL as replying to the list. Please
address personal email to alan+1@ as lists@ is not read. A
password autoresponder may be invoked if this email is very old. )

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
RE: Emailing via my mobile phone. [ In reply to ]
lists at clifford
Aug 10, 2004, 3:27 PM
Post #6 of 6 (3000 views)
Permalink
On Tue, 10 Aug 2004 spf@kitterman.com wrote:

> > On Tue, Aug 10, 2004 at 12:24:16AM +0100, Alan Clifford wrote:
> > > I can email using my phone or my Psion via my phone using GPRS.


>
> If you get a range of IP addresses, then you'll just have to take a
> guess at the CIDR range involved.
>
> One other thought...
>
> There are no doubt a large number of other users sending through
> sprite.orange.co.uk. Do you want all of them to be considered authentic
> senders for your domain? You might want to consider using
> ?IP4:193.36.79.39 instead to avoid any risk of a forged e-mail getting
> an SPF pass (this is especially true if you end up with a CIDR range and
> you aren't sure of all the IP addresses in the range).
>

From the whois, it seems to be 193.36.78.0/23. I suppose I could email
them and ask but I'm afraid they might just tell me the name of their pop
server again :-(

Do I understand correctly that a ?IP4:193.36.78.0/23 will return a match
for 193.36.79.39 without dns lookups, that match will be "unknown" and
that processing of further mechanisms will not take place? I suppose that
is a tad better than a fail. Well perhaps more that a tad.

So I think I am looking at:


clifford.ac. IN TXT "v=spf1 a mx ptr ip4:217.169.19.0/29
?IP4:193.36.78.0/23
~exists:spfmonitor.clifford.ac ~all"


The ~all is redundant but anything hitting the ~exists: will stop
processing with a soft fail and put a line in my local log file (other
matches won't log here because only spfmonitor is NS to my local
computer).

I also need the following as well for the two computers that might send
mail with their names in them:

bergamot.clifford.ac. IN TXT "v=spf1 a -all"
mundungus.clifford.ac. IN TXT "v=spf1 a -all"


--
Alan


( Please do not email me AS WELL as replying to the list. Please
address personal email to alan+1@ as lists@ is not read. A
password autoresponder may be invoked if this email is very old. )

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal