[Mimedefang] sendmail spf milter plugin for sendmail 8.13.0
Matthew.van.Eerde at hbinc.com
Matthew.van.Eerde at hbinc.com
Wed Aug 18 14:38:06 EDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David F. Skoll wrote:
> On Wed, 18 Aug 2004 WBrown at e1b.org wrote:
>
>> But wouldn't this require access to an account on the domain you are
>> going to claim the email is from?
>
> Yes, but it's easy enough to get a throwaway Yahoo account.
It's not so easy to send bulk email through a Yahoo SPF-authorized
server. I'm sure they have some kind of per-account rate-limiting.
>> If I want a message signed by Citibank, I would need access to send a
>> message from their server. I don't have that and I'll bet most
>> spammers/phishers don't either.
>
> That's true. So as an anti-phishing measure, DomainKeys might have
> some merit. That is, until phishers register domains like
> "citi-bank.com" (oops, someone already has!) or "citionline.com"
> (oops, that one's gone too!) that will certainly be enough to fool a
> lot of people.
>
> The other thing I've seen is a From: line like this:
>
> From: "someone at citibank.com" <real-phisher-address at cracker.net>
>
> Guess what most e-mail clients show in the "From" column? Guess which
> address DomainKeys will check?
That's a problem with e-mail clients that can be easily corrected.
Another spin on the same theme is to have a Mail From: email that is
different as well:
MAIL FROM: <envelope at from-1.example.com>
...
DATA
From: "name at from-2.example.com" <email at from-3.example.com>
Sender: "sender at from-4.example.com"
Reply-To: "reply-to at from-5.example.com"
...
So who do you check - from-[1-5].example.com?
Microsoft's solution was to create a known cascade called PRA - but
it requires a license to use...
Matthew.van.Eerde at hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
-----BEGIN PGP SIGNATURE-----
Comment: pub key http://matthew.vaneerde.com/pgp-public-key.asc
iD8DBQFBI6IJUQQr0VWaglwRAtQ/AJ4+/ElQpfGM4FWC8O1W08fr4ow4eQCfZbRj
udtnzL3cHXyTuq2vzlz9peU=
=u5kM
-----END PGP SIGNATURE-----
More information about the MIMEDefang
mailing list