Jeff McAdams on 21 Mar 2004 22:44:02 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Re: SPF


Arthur S. Alexion wrote:
> On Sunday 21 March 2004 02:29 pm, Jeff McAdams wrote:
>>>Part of the problem is defining "header forging".  Clearly spam messages
>>>sent with a From: address of something at yahoo.com would be considered
>>>forged...but what about this email?  The From: address on it is jeffm at
>>>iglou.com.  But I'm currently using my laptop at my parents' house,
>>>through their cable modem connection.  I'm sending this with my jeffm at
>>>iglou.com From: address because *I* am jeffm at iglou.com.  But my
>>>laptop isn't on an iglou.com Internet connection at the moment.  Now, in
>>>this case, its not all that big of a deal because IgLou has considerable
>>>clue and provides SMTP AUTH based relaying, so this email will bounce
>>>off of IgLou's servers.

> I see.  Are you saying that you are connecting via your parents' ISP but using 
> iglou.com's smtp?

Yup.  Only doable because IgLou allows relaying when you use SMTP AUTH,
otherwise it would be a third-party relay, which is certainly bad mojo
on today's Internet.

> I occasionally check and send email with my Palm OS cell 
> phone.  In that case I can dial up either to SprintPCS.com or netreach.net 
> (my regular ISP).  If I dial up via SprintPCS.com, I can't use 
> smtp.netreach.net because smtp.netreach.net would bounce it as an illegal 
> relay.  If I dial up via SprintPCS.com, I have to send via 
> smtp.sprintpcs.com.  But either way, my ¨From:¨ address is @alexion.com, and 
> I rarely use sendmail so I am always using one ISP's smtp server or another.

> Are you saying SPF would reject any alexion.com mail as forged since it is 
> coming from another domain's smtp server?

If alexion.com had SPF records that didn't include sprintpcs.com's smtp
servers and netreach.net's smtp servers and the receiving mail servers
honored SPF, yes (at least as I understand SPF, someone please correct
me if I'm wrong, but I don't think I am).

Of course, since it looks like alexion.com is your own personal domain,
then you could put whatever records in for it that you wanted, allowing
mail from whichever mailservers that you might use, so that's probably
not a big deal for you, but not all that many people use personal
domains like that.
-- 
Jeff McAdams
"He who laughs last, thinks slowest." -- anonymous

Attachment: signature.asc
Description: OpenPGP digital signature