[Mimedefang] Deadline for SPF records

Richard Laager rlaager at wiktel.com
Mon Aug 9 20:00:44 EDT 2004


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Can't someone still forge the user name as long as the domain
> name is correct for the originating IP address or will that
> take yet another change in all MTAs to enforce before this
> one is very useful?

Let's say that the SPF record for futuresource.com says that the
allowed relay is mail.futuresource.com. This means that mail coming
from mail.futuresource.com (as the relay) is legitimate and that all
other mail is likely to be forged. Now, why would
mail.futuresource.com allow someone to spoof the envelope sender from
its own domain? For example, my mail server has been configured to
check all envelope sender addresses which are from local domains.
Therefore, I can't send a message with an envelope sender of
fakeusername at wiktel.com. If SPF was widely adopted, these two
measures would effectively stop forgery of all wiktel.com addresses.

On the other hand, if you simply want to be able to tell if a given
address is valid, that's easy enough to check. Simply connect back to
the MX records for the sending domain and do:

MAIL FROM:<>
RCPT TO:<blah at domain.com>

Code for this has been posted on the list before. This allows you to
drop completely invalid addresses.

Richard Laager
Wikstrom Telecom Internet

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: If you don't know what this is, you can safely ignore it.

iQA/AwUBQRgPY231OrleHxvOEQLVvACg6r68vySTWULpxAWhEAghQ94yHJoAnRB3
Enn6ldflDqBL4/xP9Sc9w9r9
=q69y
-----END PGP SIGNATURE-----
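
The callback check described in the message above, as an added example that is not part of the original post and is not the code previously posted on the list. It shows how the replies to MAIL FROM:<> and RCPT TO: map to a decision, including the inconclusive cases. The names verdict, callout and FakeMX and the mx-*.example hosts are hypothetical, and the reply codes are constructed.

```python
import smtplib

def verdict(mail_code, rcpt_code):
    """Map the replies to MAIL FROM:<> and RCPT TO:<address> to a decision."""
    if not 200 <= mail_code < 300:
        return "unknown"    # null sender refused: says nothing about the address
    if 200 <= rcpt_code < 300:
        return "accepted"   # not proof of a mailbox: catch-all domains accept anything
    if 500 <= rcpt_code < 600:
        return "invalid"    # permanent rejection: the address can be dropped
    return "tempfail"       # 4xx (greylisting, load): defer, do not reject

def callout(address, mx_hosts, helo, connect=smtplib.SMTP, timeout=15):
    """Probe each MX in preference order; return (decision, host) for the first
    definite answer, else the last inconclusive one."""
    last = ("unknown", None)
    for host in mx_hosts:
        try:
            smtp = connect(host, 25, local_hostname=helo, timeout=timeout)
        except (OSError, smtplib.SMTPException):
            continue                          # unreachable MX: try the next
        try:
            smtp.helo()
            mail_code = smtp.mail("")[0]      # smtplib sends MAIL FROM:<>
            rcpt_code = smtp.rcpt(address)[0] if 200 <= mail_code < 300 else 0
            last = (verdict(mail_code, rcpt_code), host)
            smtp.quit()
        except (OSError, smtplib.SMTPException):
            continue                          # dropped mid-dialogue: inconclusive
        if last[0] in ("accepted", "invalid"):
            return last
    return last

class FakeMX:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    REPLIES = {  # host -> (MAIL reply code, RCPT reply code); constructed values
        "mx-down.example": None,
        "mx-grey.example": (250, 451),
        "mx-strict.example": (250, 550),
        "mx-nonull.example": (550, 550),
    }
    def __init__(self, host, port, local_hostname=None, timeout=None):
        if self.REPLIES[host] is None:
            raise OSError("connection refused")
        self.mail_code, self.rcpt_code = self.REPLIES[host]
    def helo(self): return (250, b"ok")
    def mail(self, sender): return (self.mail_code, b"")
    def rcpt(self, recip): return (self.rcpt_code, b"")
    def quit(self): return (221, b"bye")
```

Only the "invalid" result justifies dropping mail; "tempfail" and "unknown" mean the check could not decide.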


