George A. Theall on 1 Sep 2005 01:53:02 -0000

Re: [PLUG] Verizon blacklist?

On Wed, Aug 31, 2005 at 08:46:43PM -0400, Eugene Smiley wrote:

> If you don't check then how do you know that it's really coming from
> It's just as easy to spoof received lines
> as it is to spoof FROM and MAIL FROM...

Spoofing the Received header my MTA adds isn't so easy, and that's where
the hotmail hostnames appear. 

> You are also relating to the wrong part of the email. What SPF
> Classic checks is the MAIL FROM aka ENVELOPE FROM

Would you mind pointing out in what way I was "relating to the wrong
part of the email"? I don't recall actually making any such distinction,
but perhaps I'm getting sloppy in my old age. 

In any case, here's a concrete example.  Note the Return-Path header and
the IP passing the message to my mail server ( both refer to

                      ---- snip, snip, snip ----
Return-Path: <>
Received: from ( [])
        by (8.13.3/8.13.3) with ESMTP id j72DHfY6032615
        for <>; Tue, 2 Aug 2005 09:17:47 -0400
Received: from mail pickup service by with Microsoft SMTPSVC;
         Tue, 2 Aug 2005 05:30:21 -0700
Message-ID: <BAY13-F2B09FE9814A3F244D0FD1BDC20@phx.gbl>
Received: from by with HTTP;
        Tue, 02 Aug 2005 12:30:21 GMT
X-Originating-IP: []
X-Originating-Email: []
From: "aaron tutu" <
                      ---- snip, snip, snip ----

So, what good is SPF in such cases?


Attachment: pgpz0Pb2pdRCD.pgp
Description: PGP signature
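
The two values the message above points at, the Return-Path and the IP that handed the message to the receiving server, pulled from a message as an added example (not part of the original post). The sample message, hostnames and IPs are constructed placeholders, and the code assumes a single receiving MTA that writes Sendmail-style Received stamps and delivers locally.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host, address and IP is a placeholder.
SAMPLE = """\
Return-Path: <user@webmail.example>
Received: from out1.webmail.example (out1.webmail.example [192.0.2.25])
    by mx.example.org (8.13.3/8.13.3) with ESMTP id CONSTRUCTED01
    for <me@example.org>; Tue, 2 Aug 2005 09:17:47 -0400
Received: from mail pickup service by out1.webmail.example with Microsoft SMTPSVC;
    Tue, 2 Aug 2005 05:30:21 -0700
Received: from 198.51.100.7 by web.webmail.example with HTTP;
    Tue, 02 Aug 2005 12:30:21 GMT
From: "sender" <user@webmail.example>
Subject: constructed example

body
"""

# Sendmail-style stamp: from HELO (rDNS [IP]) by HOST ...
STAMP = re.compile(
    r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")


def spf_inputs(raw, my_mta):
    """Return the (MAIL FROM domain, client IP) pair as recorded by my_mta."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    # An MTA prepends its stamp, so only the topmost Received header was
    # written locally; everything beneath it arrived as message content.
    top = STAMP.search(received[0]) if received else None
    if not top or top.group(3).lower() != my_mta.lower():
        raise ValueError("topmost Received header was not stamped by " + my_mta)
    helo, client_ip, _ = top.groups()
    # Return-Path is written at final delivery from the envelope MAIL FROM;
    # a bounce ("<>") has no domain, and SPF then falls back to the HELO name.
    _, addr = parseaddr(msg.get("Return-Path", ""))
    return {
        "mail_from_domain": addr.rpartition("@")[2].lower(),
        "helo": helo,
        "client_ip": client_ip,
        "unverified_hops": len(received) - 1,
    }


if __name__ == "__main__":
    print(spf_inputs(SAMPLE, "mx.example.org"))
```
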

Philadelphia Linux Users Group