Re: Sender Spoofing via SMTP

[Tomasz Nidecki <tonid () hakin9 org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

Tuesday, November 8, 2005, 10:05:03 PM, Matt wrote:

> Could you be a little more specific when talking about SPF breaking the
> functionality of the mail server?

Hopefully my message <222122663.20051108115614 () hakin9 org> answers
this, if not, please have a look at the webpage:

http://homepages.tesco.net/~J.deBoynePollard/FGA/smtp-spf-is-harmful.html

> I have been using SPF for about a year now and I have not seen any weird
> or problematic symptoms.  I am curious as to what some of the pitfalls
> are surrounding it.

Well, managing a mail server at our company I see SPF pitfalls every
day in the form of forwarded mail bounces to all mail directed to SPF
protected servers...

> I must also say that SPF is most definitely not a fix; it is just one
> more layer in place to secure my mail server.

It's a good way to protect your domain against joejobs [but nowhere
near ideal], but I find it quite ineffective as a spam protection
technique.

In my experiences, greylisting is the technique of choice now when
fighting spam, which not only adds a very effective layer, but also
has no false positives [!].

- --
Tomasz Nidecki, Sekr. Redakcji / Managing Editor
hakin9 magazine            http://www.hakin9.org
mailto:tonid () hakin9 org      jid:tonid () tonid net

Do you know what "hacker" means?
http://www.catb.org/~esr/faqs/hacker-howto.html

Czy wiesz, co znaczy slowo "haker"?
http://www.jtz.org.pl/Inne/hacker-howto-pl.html

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUAQ3HY7ER7PdagQ735AQGw/AQAlFfBuwwL6WMixUc5A8UZdDtdGwSDtpW1
pmjXnt2YOXxI+bXQrghQXQMSSORhw2HhXgf+wCr2Gqwt194bOd1lNxAI6fh/fexN
GUZ4dAsRrp67qMLr87Wc8GTD+f7IdrpmgkC2ViLYNqYHFrcP/1DfmKjbKG2qB/PI
ql8NaYGWY+4=
=yTGZ
-----END PGP SIGNATURE-----