Eugene Smiley on 1 Sep 2005 03:00:23 -0000
George A. Theall wrote:
> On Wed, Aug 31, 2005 at 08:46:43PM -0400, Eugene Smiley wrote:
>
>>If you don't check then how do you know that it's really coming from
>>bay15-f3.bay15.hotmail.com? It's just as easy to spoof received lines
>>as it is to spoof FROM and MAIL FROM...
>
> Spoofing the Received header my MTA adds isn't so easy, and that's where
> the hotmail hostnames appear.
>
>>You are also relating to the wrong part of the email. What SPF
>>Classic checks is the MAIL FROM aka ENVELOPE FROM
>
> Would you mind pointing out in what way I was "relating to the wrong
> part of the email"? I don't recall actually making any such distinction,
> but perhaps I'm getting sloppy in my old age.

Sorry. You brought up the hostname. I thought you had things mixed up...

> In any case, here's a concrete example. Note the Return-Path header and
> the IP passing the message to my mail server (64.4.31.2) both refer to
> Hotmail.
>
> ---- snip, snip, snip ----
> Return-Path: <aarontutu2012@hotmail.com>
> Received: from hotmail.com (bay13-f2.bay13.hotmail.com [64.4.31.2])
>     by salt.tifaware.com (8.13.3/8.13.3) with ESMTP id j72DHfY6032615
>     for <theall@tifaware.com>; Tue, 2 Aug 2005 09:17:47 -0400
> Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
>     Tue, 2 Aug 2005 05:30:21 -0700
> Message-ID: <BAY13-F2B09FE9814A3F244D0FD1BDC20@phx.gbl>
> Received: from 216.139.164.27 by by13fd.bay13.hotmail.msn.com with HTTP;
>     Tue, 02 Aug 2005 12:30:21 GMT
> X-Originating-IP: [216.139.164.27]
> X-Originating-Email: [aarontutu2012@hotmail.com]
> X-Sender: aarontutu2012@hotmail.com
> Reply-To: tutu_aaron@yahoo.co.in
> From: "aaron tutu" <aarontutu2012@hotmail.com
> ---- snip, snip, snip ----
>
> So, what good is SPF in such cases?

That's for the mail admin, in this case I believe that's you, to decide.
Where you are getting 25% of your spam from Hotmail, just looking at my
spam from today, I got 0 out of 20.

If I were in your position, and were using SPF, I might choose to REJECT
messages verified to be from Hotmail with a custom reject message. I don't
know anyone who uses Hotmail so I wouldn't be shooting myself in the foot.
Your case might be different.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
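
Added example, not part of the original post or anyone's code in this thread: it pulls out of the quoted headers the two values an SPF check works from (the MAIL FROM domain and the IP that connected to the receiving MTA) and applies the reject-on-pass policy suggested in the reply. It assumes the receiving MTA prepends its own Received line and writes Return-Path from MAIL FROM; spf_inputs, policy, the reject text and the spf_result argument (to be supplied by a real SPF checker) are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subset of the headers quoted in the message above, continuation lines folded.
SAMPLE = """\
Return-Path: <aarontutu2012@hotmail.com>
Received: from hotmail.com (bay13-f2.bay13.hotmail.com [64.4.31.2])
    by salt.tifaware.com (8.13.3/8.13.3) with ESMTP id j72DHfY6032615
    for <theall@tifaware.com>; Tue, 2 Aug 2005 09:17:47 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
    Tue, 2 Aug 2005 05:30:21 -0700
Received: from 216.139.164.27 by by13fd.bay13.hotmail.msn.com with HTTP;
    Tue, 02 Aug 2005 12:30:21 GMT

"""

# "from HELO (rdns [ip]) by host": the sendmail-style hop shown in the sample.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def spf_inputs(raw, my_mta):
    """Return (envelope_domain, client_ip) from the hop my_mta stamped, else None.

    Assumption: my_mta prepends its Received line and writes Return-Path from
    MAIL FROM, so only the topmost Received line is outside the sender's control.
    """
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    hop = HOP.match(received[0].strip()) if received else None
    if hop is None or hop.group(4).lower() != my_mta.lower():
        return None  # topmost hop is not ours: every header is sender-supplied
    sender = parseaddr(msg.get("Return-Path", ""))[1]
    return sender.rpartition("@")[2].lower(), hop.group(3)

def policy(domain, spf_result, reject_on_pass=frozenset({"hotmail.com"})):
    """Local policy suggested in the reply: refuse mail SPF verifies as coming
    from a listed domain. spf_result must come from a real SPF checker (DNS)."""
    if spf_result == "pass" and domain in reject_on_pass:
        return "550 mail from %s is not accepted here" % domain  # constructed text
    return "accept"

if __name__ == "__main__":
    domain, ip = spf_inputs(SAMPLE, "salt.tifaware.com")
    print(domain, ip, "->", policy(domain, "pass"))
```

The lower Received lines are never consulted: they arrive as part of the message and carry no more weight than the From header.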