Art Clemons on 21 Mar 2004 23:49:02 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Re: SPF


Part of the problem is defining "header forging".  Clearly spam messages
sent with a From: address of something at yahoo.com would be considered
forged...but what about this email?  The From: address on it is jeffm at
iglou.com.  But I'm currently using my laptop at my parents' house,
through their cable modem connection.  I'm sending this with my jeffm at
iglou.com From: address because *I* am jeffm at iglou.com.  But my
laptop isn't on an iglou.com Internet connection at the moment.  Now, in
this case, its not all that big of a deal because IgLou has considerable
clue and provides SMTP AUTH based relaying, so this email will bounce
off of IgLou's servers.


It's simpler than you think. One solution would be for more ISPs to use IMAP instead of POP mail. Then from your parents house you could still connect to the servers of whichever mail server being used to send the mail. Note that using IMAP would force servers to be sure an actual validated user was sending the email. IMAP does have some likely security holes but those can be filled.


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug