Re: [PLUG] Re: SPF

Walt Mankowski on 22 Mar 2004 01:55:03 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Re: SPF

From: Walt Mankowski <waltman@pobox.com>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] Re: SPF

Date: Sun, 21 Mar 2004 20:54:58 -0500

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

User-agent: Mutt/1.5.5.1+cvs20040105i

On Sun, Mar 21, 2004 at 08:26:07PM -0500, Jeff McAdams wrote: > OK, not that I confused the two, just that I didn't know that SPF dealt > with envelope rather than the header. Regardless, however, you have all > of the same issues with the envelope. > > When I'm at my parents house, I don't have a valid account on the cable > provider's ISP (I'm not even sure that *they* do...I assume they do...I > think this provider provides email services to their customers, but I > really don't know that for sure), so I really couldn't put that in. > Unless the point is that its anything at comcast.com (or whatever the > domain) and its not checked for a valid account, in which case the check > is all but useless. So, again, I'd be back to relaying off of my IgLou > ISP (again, doable because they support SMTP AUTH). SPF isn't designed to look at accounts, only domains. You're sending the mail from a comcast.com IP address, so Comcast just has to say that it's OK for that address to say that it's @comcast.com. So if you're at your parents's place you can relay through comcast or iglou. Either way your envelope sender should be set to the proper domain, and the receiving SMTP servers should be happy. > Like I said, maybe its reasonable to deploy SPF in conjunction with SMTP > AUTH...actually, I think that's probably a pretty good idea. I do think > that SMTP AUTH should be deployed much more widely than it is. I saw > someone (I think it was on the exim mailing list) point out that we had > to change our way of doing things when we started dealing with 3rd party > relaying, and this is another change...which would be valid, but I don't > think SPF is reasonable or feasible to deploy without SMTP AUTH support > to allow people to relay off their "home" SMTP server when they're not > on the home network. > > Besides, if SPF only deals with the envelope (which really makes sense, > since I assume that check happens at RCPT: time, which would be before > the header From: is even received), then it really does nothing to > prevent a message from showing up in my mailbox as "From: > blah@yahoo.com", which, it seems to me, was the point of the whole > exercise in the first place. :/ No. The whole point is that spammers can't lie about which domains they're sending their mail from. And that happens in the envelope, not the From: address. Walt
Attachment: signature.asc
Description: Digital signature

Follow-Ups:

Re: [PLUG] Re: SPF
From: Jeff McAdams <jeffm@iglou.com>

References:

[PLUG] [plug-announce] Ello!
From: turgon@mike-leone.com

SPF (as Re: [PLUG] [plug-announce] Ello!)
From: Malcolm J Harwood <mjhlists-plug@liminalflux.net>

Re: SPF (as Re: [PLUG] [plug-announce] Ello!)
From: Paul <gyoza@comcast.net>

[PLUG] Re: SPF
From: Malcolm J Harwood <mjhlists-plug@liminalflux.net>

Re: [PLUG] Re: SPF
From: Jeff McAdams <jeffm@iglou.com>

Re: [PLUG] Re: SPF
From: Walt Mankowski <waltman@pobox.com>

Re: [PLUG] Re: SPF
From: Jeff McAdams <jeffm@iglou.com>

Prev by Date: Re: [PLUG] Re: SPF

Next by Date: [PLUG] archiving websites

Previous by thread: Re: [PLUG] Re: SPF

Next by thread: Re: [PLUG] Re: SPF

Index(es):

Date

Thread