| George A. Theall on 1 Sep 2005 01:53:02 -0000 |
|
On Wed, Aug 31, 2005 at 08:46:43PM -0400, Eugene Smiley wrote:
> If you don't check then how do you know that it's really coming from
> bay15-f3.bay15.hotmail.com? It's just as easy to spoof received lines
> as it is to spoof FROM and MAIL FROM...
Spoofing the Received header my MTA adds isn't so easy, and that's where
the hotmail hostnames appear.
> You are also relating to the wrong part of the email. What SPF
> Classic checks is the MAIL FROM aka ENVELOPE FROM
Would you mind pointing out in what way I was "relating to the wrong
part of the email"? I don't recall actually making any such distinction,
but perhaps I'm getting sloppy in my old age.
In any case, here's a concrete example. Note the Return-Path header and
the IP passing the message to my mail server (64.4.31.2) both refer to
Hotmail.
---- snip, snip, snip ----
Return-Path: <aarontutu2012@hotmail.com>
Received: from hotmail.com (bay13-f2.bay13.hotmail.com [64.4.31.2])
by salt.tifaware.com (8.13.3/8.13.3) with ESMTP id j72DHfY6032615
for <theall@tifaware.com>; Tue, 2 Aug 2005 09:17:47 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Tue, 2 Aug 2005 05:30:21 -0700
Message-ID: <BAY13-F2B09FE9814A3F244D0FD1BDC20@phx.gbl>
Received: from 216.139.164.27 by by13fd.bay13.hotmail.msn.com with HTTP;
Tue, 02 Aug 2005 12:30:21 GMT
X-Originating-IP: [216.139.164.27]
X-Originating-Email: [aarontutu2012@hotmail.com]
X-Sender: aarontutu2012@hotmail.com
Reply-To: tutu_aaron@yahoo.co.in
From: "aaron tutu" <aarontutu2012@hotmail.com
---- snip, snip, snip ----
So, what good is SPF in such cases?
George
--
theall@tifaware.com
Attachment:
pgpz0Pb2pdRCD.pgp ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|