Stephen Gran on 22 Mar 2004 01:34:02 -0000



Re: [PLUG] Re: SPF


On Sun, Mar 21, 2004 at 08:17:38PM -0500, Malcolm J Harwood said:
> On Sunday 21 Mar 2004 15:04, Tom Diehl wrote:
> 
> > Just set up your mta to reject mail that has a from header of aol.com, etc
> > but does not come from aol.com mail servers. 99.999% of the mail I see with
> > an aol.com, yahoo.com, hotmail.com etc. from header originates from some
> > other mail server. 
> 
> I was under the impression this is exactly what SPF is for. Otherwise you 
> don't *know* what AOL's mail servers are.

Yes.  SPF is designed to look at the envelope from (MAIL FROM:), but can
be set up to look at the header 'From: ' as well.  Dumping mail based on
the From: header, as others have already noticed, breaks forwarding and
other long standing parts of the store-n-forward idea of smtp.

Rejecting based on a forged HELO, on the other hand, is decidedly safe -
nobody but aol should be HELO'ing as an aol machine (or worse, as your
own machine) unless they're trying tricks.  Until somebody comes up with
a better system to verify that email comes from where it says it comes
from, I'm steering clear of SPF.  The multitude of things it breaks
isn't worth the one thing it might fix.

-- 
 --------------------------------------------------------------------------
|  Stephen Gran                  | "You'll pay to know what you really     |
|  steve@lobefin.net             | think." -- J.R. "Bob" Dobbs             |
|  http://www.lobefin.net/~steve |                                         |
 --------------------------------------------------------------------------

Attachment: pgpgbZhQzJX6Q.pgp
Description: PGP signature
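
The HELO check described in the message above, sketched as an added example that is not part of the original post or of any MTA's own code. The local names, networks, protected-domain list and sample hostnames are constructed assumptions, and the reverse-DNS results are passed in by the caller so the block runs offline.

```python
import ipaddress

# Assumed local configuration (constructed values, not from the thread).
OUR_NAMES = {"mail.example.org", "example.org"}
OUR_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# Domains that only their own hosts should ever announce in HELO.
PROTECTED = ("aol.com", "yahoo.com", "hotmail.com")


def in_domain(name, domain):
    """True for the domain itself or a host under it (not 'notaol.com')."""
    return name == domain or name.endswith("." + domain)


def check_helo(helo, client_ip, ptr_names, fcrdns_ok):
    """Decide on the HELO argument alone; returns (action, reason).

    ptr_names: reverse-DNS names the MTA found for client_ip.
    fcrdns_ok: True if one of them resolved forward to client_ip again.
    MAIL FROM and the From: header are never consulted, so forwarded
    mail is not affected by this check.
    """
    helo = helo.strip().rstrip(".").lower()
    ip = ipaddress.ip_address(client_ip)
    is_local = any(ip in net for net in OUR_NETS)

    # A remote client announcing itself under our own name is lying.
    if helo in OUR_NAMES and not is_local:
        return ("reject", "HELO uses this server's own name")

    # A HELO inside a protected domain must be backed by confirmed
    # reverse DNS inside that same domain.
    for domain in PROTECTED:
        if in_domain(helo, domain):
            ptrs = [p.rstrip(".").lower() for p in ptr_names]
            if fcrdns_ok and any(in_domain(p, domain) for p in ptrs):
                return ("accept", "HELO matches reverse DNS in " + domain)
            return ("reject", "HELO claims " + domain + " without matching rDNS")

    return ("accept", "HELO not covered by this check")


if __name__ == "__main__":
    # Constructed sessions: (HELO, client IP, PTR names, forward-confirmed?)
    samples = [
        ("aol.com", "203.0.113.7", ["host7.dsl.example.net"], True),
        ("relay1.mx.aol.com", "198.51.100.5", ["relay1.mx.aol.com"], True),
        ("mail.example.org", "203.0.113.7", [], False),
        ("lists.example.net", "203.0.113.9", ["lists.example.net"], True),
    ]
    for s in samples:
        print(s[0], s[1], "->", check_helo(*s))
```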