Re: ISP phishing

  • From: Mike Leber
  • Date: Wed Jun 29 06:34:41 2005

On Wed, 29 Jun 2005, Tony Finch wrote:
> On Wed, 29 Jun 2005, Brad Knowles wrote:
> > 	SPF is not a panacea.
> >
> > 	In fact, it is pretty much totally worthless, unless you are the sole
> > owner of a given domain and you can guarantee that all mail you ever send will
> > always be routed through the machines that you own and control, and you know
> > that you don't ever forward e-mail for any of your other accounts.

See my other email in regards to this mobile user strawman argument.  
Look in the archives for the same arguments against closing open relays.

> Actually, what you have to guarantee is that you never send email to
> anyone who forwards their email elsewhere. This is impossible.

This is incorrect.

SPF is an inbound filter.

This is in the recipient's control, not yours.

Assume you send email to [email protected] and Alice forwards
that email address to [email protected]

If the inbound mail server for has SPF or MX+
enabled for [email protected] and you pass the test and your
mail is accepted by then that is the end of your

If Alice then decides to forward to [email protected] and Alice
wishes to use SPF or MX+ for the mailbox [email protected] as well
then Alice would whitelist the IP of the outbound mail server for

You don't have control over what forwarding, filtering, or whitelisting
Alice does with her personal mailbox.

If Alice wants to forward [email protected] to
[email protected] and use SPF or MX+ with [email protected]
presumably she won't block email from her other account and she can check
if she got it right really easy by sending email to
[email protected]
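
The inbound check and forwarder whitelist described in the message above, as an added example that is not part of the original post. All domains, mailboxes and IP addresses are constructed placeholders, the SPF records are embedded instead of being fetched from DNS, and only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed SPF policies standing in for DNS TXT lookups (assumption).
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "first-isp.example": "v=spf1 ip4:198.51.100.25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(mail_from_domain, client_ip, records=SPF_RECORDS):
    """Evaluate the envelope sender's policy against the connecting IP."""
    record = records.get(mail_from_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def accept_inbound(mailbox, mail_from_domain, client_ip, forwarder_whitelist):
    """Recipient-side decision: the mailbox owner's trusted forwarders
    bypass SPF; every other connection is rejected on an SPF fail."""
    ip = ipaddress.ip_address(client_ip)
    for net in forwarder_whitelist.get(mailbox, ()):
        if ip in ipaddress.ip_network(net, strict=False):
            return True, "whitelisted forwarder"
    result = spf_check(mail_from_domain, client_ip)
    return result != "fail", "spf=" + result


if __name__ == "__main__":
    # Alice whitelists her first ISP's outbound server on her second mailbox.
    whitelist = {"alice@second-isp.example": ["198.51.100.25/32"]}
    hops = [
        ("alice@first-isp.example", "192.0.2.10", {}),            # direct delivery
        ("alice@second-isp.example", "198.51.100.25", {}),        # forwarded, no whitelist
        ("alice@second-isp.example", "198.51.100.25", whitelist), # forwarded, whitelisted
        ("alice@second-isp.example", "203.0.113.7", whitelist),   # forged sender.example
    ]
    for mailbox, ip, wl in hops:
        print(mailbox, ip, accept_inbound(mailbox, "sender.example", ip, wl))
```

The forwarded hop fails SPF only because the envelope sender is still `sender.example` while the connection comes from the forwarder; the per-mailbox whitelist fixes that hop without weakening the check for any other source.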

