nanog mailing list archives

Re: ISP phishing


From: Mike Leber <mleber () he net>
Date: Wed, 29 Jun 2005 03:30:59 -0700 (PDT)



On Wed, 29 Jun 2005, Tony Finch wrote:
> On Wed, 29 Jun 2005, Brad Knowles wrote:
> >     SPF is not a panacea.
> >
> >     In fact, it is pretty much totally worthless, unless you are the sole
> > owner of a given domain and you can guarantee that all mail you ever send will
> > always be routed through the machines that you own and control, and you know
> > that you don't ever forward e-mail for any of your other accounts.

See my other email in regards to this mobile user strawman argument.  
Look in the archives for the same arguments against closing open relays.

> Actually, what you have to guarantee is that you never send email to
> anyone who forwards their email elsewhere. This is impossible.

This is incorrect.

SPF is an inbound filter.

This is in the recipient's control, not yours.

Assume you send email to alice@alumni.miskatonic.edu and Alice forwards
that email address to alice@personaldomain.org.

If the inbound mail server for alumni.miskatonic.edu has SPF or MX+
enabled for alice@alumni.miskatonic.edu and you pass the test and your
mail is accepted by alumni.miskatonic.edu then that is the end of your
responsibility.

If Alice then decides to forward to alice@personaldomain.org and Alice
wishes to use SPF or MX+ for the mailbox alice@personaldomain.org as well
then Alice would whitelist the IP of the outbound mail server for
alumni.miskatonic.edu.

You don't have control over what forwarding, filtering, or whitelisting
Alice does with her personal mailbox.

If Alice wants to forward alice@alumni.miskatonic.edu to
alice@personaldomain.org and use SPF or MX+ with alice@personaldomain.org
presumably she won't block email from her other account and she can check
if she got it right really easy by sending email to
alice@alumni.miskatonic.edu.

+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections   Voice 510 580 4100 |
| Hurricane Electric     Web Hosting  Colocation       Fax 510 580 4151 |
| mleber () he net                                       http://www.he.net |
+-----------------------------------------------------------------------+
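
The two-hop forwarding case from the message above, as an added example that is not part of the original post: a minimal recipient-side SPF evaluation (ip4/ip6/all mechanisms only) run first at alumni.miskatonic.edu and then at personaldomain.org, with and without the forwarder's IP whitelisted. The sender domain `sender.example`, its SPF record, both IP addresses and the function names are constructed for illustration, and the forwarder is assumed to relay with the envelope sender unchanged.

```python
import ipaddress

# Constructed SPF records keyed by envelope-sender domain (TXT lookups
# are replaced by this dict so the example runs offline).
SPF_RECORDS = {"sender.example": "v=spf1 ip4:192.0.2.0/24 -all"}


def spf_check(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate the ip4/ip6/all subset of SPF for the connecting IP."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in qualifiers:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return qualifiers[qualifier]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return qualifiers[qualifier]
    return "neutral"


def inbound_decision(client_ip, mail_from, whitelist=()):
    """Recipient-side policy: whitelisted relays skip SPF, SPF fail rejects."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net, strict=False) for net in whitelist):
        return "accept (whitelisted relay)"
    result = spf_check(client_ip, mail_from)
    return "reject (spf fail)" if result == "fail" else f"accept (spf {result})"


ORIGIN_IP = "192.0.2.10"        # constructed: sender.example's outbound server
FORWARDER_IP = "198.51.100.25"  # constructed: alumni.miskatonic.edu's outbound server
SENDER = "you@sender.example"

# Hop 1: alumni.miskatonic.edu sees the original sender's own server.
hop1 = inbound_decision(ORIGIN_IP, SENDER)
# Hop 2: personaldomain.org sees the forwarder's IP, envelope sender unchanged.
hop2_plain = inbound_decision(FORWARDER_IP, SENDER)
hop2_listed = inbound_decision(FORWARDER_IP, SENDER, whitelist=[FORWARDER_IP])
print(hop1, hop2_plain, hop2_listed, sep="\n")
```

The whitelist is consulted before SPF, so it lives entirely in the final recipient's configuration; nothing in the original sender's SPF record changes between the three decisions.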

