Re: SPF = Sender Policy Framework

From: Norman L. DeForest (af380_at_chebucto.ns.ca)
Date: 09/29/04


Date: Tue, 28 Sep 2004 21:55:13 -0300


On 28 Sep 2004, John F Hall wrote:

> In article <4158a1dd$8$fuzhry+tra$mr2ice@news.patriot.net>,
> Shmuel (Seymour J.) Metz <spamtrap@library.lspace.org.invalid> wrote:
> >In <cj757u$6ju$1@avondale.demon.co.uk>, on 09/26/2004
> > at 07:27 PM, jfh@avondale.demon.co.uk (John F Hall) said:
> >
> >>No. As it's likely that current viruses have false sender addresses
> >>nothing is gained by rejecting them,
> >
> >That's a non sequitur.
>
> Rubbish.
>
> In what way is rejecting better than dropping?
>
> >>which merely instructs the sending MTA to raise DSNs.
> >
> >The Devil is in the details. If it's not broken then it will send them
> >to the proper addresses.
>
> The RFCs mandate that DSNs are sent to the "mail from" address, and
> "source routing" is deprecated.
>
> >I consider an open relay to be broken.
>
> Eh? What have "open relays" to do with it?
>
> >>True, but testing is still sufficiently rare that one cannot assume
> >>that viruses are only presented by the source MTA.
> >
> >If they are presented by an open relay then there are worse problems
> >than the destination of the DSN. Such relays should be filter fodder.
>
> Again where has "open relay" come from? An email may, currently, travel
> through several MTAs before it hits one that does virus checking. A
> rejection causes the previous MTA, if correctly configured, to send a
> DSN to the "mail from address".
[snip]

John Q. Spammer sends his email to Bob G. Recipient through server
mail.foo.invalid at an entirely different system, and it attempts to
deliver it. mail.foo.invalid is an open relay. I'm sure you would agree
with *that* one.

Richard C. Chickenboner forges Bob G. Recipient as the sender and
sends his spam to invalidaddress@bar.invalid through mail.bar.invalid.
mail.bar.invalid "bounces" the rejected message to Bob G. Recipient.
So mail.bar.invalid can also be used to send email to an unwilling
third party. Some people would argue that mail.bar.invalid also matches
the description of an open relay since it effectively can be used as one
by sending to an invalid address with the intended recipient forged as the
sender.

If rejecting a known virus instead of dropping it on the floor *can* lead
to an innocent third party getting an infectious message, it would be
irresponsible to do so. *Once a message is known to be a worm*, dropping
it or saving it somewhere where a human can examine the full headers and
report the worm to proper authorities are much more reasonable
alternatives than rejecting it when you have no way to tell if the
rejection will result in an infectious copy of the worm going to an
innocent third party.

-- 
Norman De Forest          http://www.chebucto.ns.ca/~af380/Profile.html
af380@chebucto.ns.ca           [=||=]          (A Speech Friendly Site)
"O'Reilly is to a system administrator as a shoulder length latex glove
is to a veterinarian."   -- Peter da Silva in the scary devil monastery
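
A small model of the reject-versus-drop question argued in this thread, as an added example that is not part of the original post. The `Hop` class, the `dsn_recipient` function and all host names and addresses are hypothetical and constructed; the model assumes a non-scanning intermediate MTA that gets a 5xx from the next hop sends its DSN to the envelope MAIL FROM.

```python
from dataclasses import dataclass

@dataclass
class Hop:
    name: str
    is_mta: bool             # False for the originating client (the worm's own SMTP engine)
    scans: bool = False      # True if this hop recognises the worm
    policy: str = "reject"   # action of a scanning hop on detection: "reject" or "drop"

def dsn_recipient(path, mail_from):
    """Return (host_that_generates_DSN, DSN_recipient), or None if no DSN is sent.

    path[0] is the originating client; every later hop receives the message
    from the hop before it. mail_from is the (possibly forged) envelope sender.
    """
    for prev, hop in zip(path, path[1:]):
        if not hop.scans:
            continue          # accepted and passed along unchecked
        if hop.policy == "drop":
            return None       # accepted, then discarded or quarantined
        # SMTP-time 5xx: responsibility for the message stays with the sender side.
        if prev.is_mta:
            return (prev.name, mail_from)   # previous MTA bounces to MAIL FROM
        return None           # the connecting client was the worm; it sends no DSN
    return None               # no hop detected the message

# Constructed sample data (not taken from the thread).
FORGED = "bob@victim.invalid"
WORM = Hop("infected-pc.invalid", is_mta=False)
RELAY = Hop("relay.isp.invalid", is_mta=True)

def scenarios():
    mx_reject = Hop("mx.dest.invalid", is_mta=True, scans=True, policy="reject")
    mx_drop = Hop("mx.dest.invalid", is_mta=True, scans=True, policy="drop")
    return {
        "direct, reject": dsn_recipient([WORM, mx_reject], FORGED),
        "relayed, reject": dsn_recipient([WORM, RELAY, mx_reject], FORGED),
        "relayed, drop": dsn_recipient([WORM, RELAY, mx_drop], FORGED),
    }

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label:16} -> {result}")
```

Only the relayed-and-rejected case produces a DSN, and it goes to the forged address. The scanning host cannot tell from the SMTP session alone whether the connecting client is the origin or an intermediate MTA.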

