George A. Theall on 1 Sep 2005 01:53:02 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Verizon blacklist?


On Wed, Aug 31, 2005 at 08:46:43PM -0400, Eugene Smiley wrote:

> If you don't check then how do you know that it's really coming from
> bay15-f3.bay15.hotmail.com? It's just as easy to spoof received lines
> as it is to spoof FROM and MAIL FROM...

Spoofing the Received header my MTA adds isn't so easy, and that's where
the hotmail hostnames appear. 

> You are also relating to the wrong part of the email. What SPF
> Classic checks is the MAIL FROM aka ENVELOPE FROM

Would you mind pointing out in what way I was "relating to the wrong
part of the email"? I don't recall actually making any such distinction,
but perhaps I'm getting sloppy in my old age. 

In any case, here's a concrete example.  Note the Return-Path header and
the IP passing the message to my mail server (64.4.31.2) both refer to
Hotmail. 

                      ---- snip, snip, snip ----
Return-Path: <aarontutu2012@hotmail.com>
Received: from hotmail.com (bay13-f2.bay13.hotmail.com [64.4.31.2])
        by salt.tifaware.com (8.13.3/8.13.3) with ESMTP id j72DHfY6032615
        for <theall@tifaware.com>; Tue, 2 Aug 2005 09:17:47 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
         Tue, 2 Aug 2005 05:30:21 -0700
Message-ID: <BAY13-F2B09FE9814A3F244D0FD1BDC20@phx.gbl>
Received: from 216.139.164.27 by by13fd.bay13.hotmail.msn.com with HTTP;
        Tue, 02 Aug 2005 12:30:21 GMT
X-Originating-IP: [216.139.164.27]
X-Originating-Email: [aarontutu2012@hotmail.com]
X-Sender: aarontutu2012@hotmail.com
Reply-To: tutu_aaron@yahoo.co.in
From: "aaron tutu" <aarontutu2012@hotmail.com
                      ---- snip, snip, snip ----

So, what good is SPF in such cases?


George
-- 
theall@tifaware.com

Attachment: pgpz0Pb2pdRCD.pgp
Description: PGP signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug