Full Disclosure mailing list archives

Re: Re: Noise on the list

From: Valdis.Kletnieks () vt edu
Date: Tue, 21 Mar 2006 20:09:49 -0500

On Tue, 21 Mar 2006 17:25:42 EST, Micheal Espinola Jr said:

On SPF:  Perhaps some of the bogus impersonation posts would get
caught/blocked by a simple SPF check?


The problem with SPF is that it requires the manager of the purported source
domain to configure it, and possibly to take other actions as well.  So for
instance, gmail.com already publishes an SPF record - but it ends in "?all",
and will probably continue doing so as long as gmail.com mail can come from
places other than the main gmail servers.

And to fix *that* would require all the gmail users to configure their mail
clients to send via gmail's servers, which adds to the support costs.

Also, SPF doesn't exactly solve that problem - what it solves (if deployed to
do so) is answer the question "Is mail for foo.com expected to arrive from IP
address a.b.c.d?".  That's *not* precisely the same thing as "is this bogus
impersonated mail?".

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: FW: Noise on the list, (continued)
- - - Re: FW: Noise on the list Alexander Hristov (Mar 21)
- FW: Noise on the list Edward Pearson (Mar 21)
  - Re: Noise on the list Dave Korn (Mar 21)
    - Re: Re: Noise on the list GroundZero Security (Mar 21)
    - Re: Re: Noise on the list Jeff Rosowski (Mar 23)
    - Re: Re: Noise on the list Micheal Espinola Jr (Mar 21)
    - Re: Re: Noise on the list Sol Invictus (Mar 21)
    - Re: Re: Noise on the list Micheal Espinola Jr (Mar 21)
    - Re: Re: Noise on the list n3td3v (Mar 21)
    - Re: Re: Noise on the list Valdis . Kletnieks (Mar 21)
    - Re: Re: Noise on the list Valdis . Kletnieks (Mar 21)