Re: ISP phishing

• From: Niels Bakker
• Date: Thu Jun 30 04:28:35 2005

* [email protected] (Tony Finch) [Wed 29 Jun 2005, 15:28 CEST]:

On Wed, 29 Jun 2005, Peter Corlett wrote:

Tony Finch <[email protected]> wrote:
[...]

Actually, what you have to guarantee is that you never send email to anyone who forwards their email elsewhere. This is impossible.

How do you figure that?

The failure mode in this case is if somebody arranges "dumb" mail forwarding that doesn't do envelope rewriting, and also applies a SPF filter on their incoming mail. The problem is quite clearly of the recipient's making rather than any fault of the sender's.

Most forwarding services do nothing but change the envelope recipient address, and this has been standard practice for many many years. Sites that do SPF checking on incoming email must take this into account if their users forward email from elsewhere. However most sites do not do so, partly because the SPF documentation doesn't make it clear that they must, and partly because it's basically impossible - for every user that forwards email to your site you must whitelist the IP addresses of the forwarding mail servers, and you can't find out what those IP addresses are or when they change.

How do I configure my router for that?


	-- Niels.

--
                             The idle mind is the devil's playground

• References:
  • ISP phishing Gadi Evron
  • Re: ISP phishing Paul Wouters
  • Re: ISP phishing Brad Knowles
  • Re: ISP phishing Tony Finch
  • Re: ISP phishing Peter Corlett
  • Re: ISP phishing Tony Finch

• Prev by Date: Re: Is my BIND Server's Cache Poisioned ?
• Next by Date: Re: Is my BIND Server's Cache Poisioned ?
• Date Index
• Thread Index
• Author Index
• Historical