
Re: [suse-security] Fwd: Undelivered Mail Returned to Sender



Quoting Markus Gaugusch <markus@xxxxxxxxxxx>:
>
> To prevent spoofing, you can enable SPF for your domain (SuSE should do so
> as well, and also everybody else who reads this). See http://spf.pobox.com
> for more information.
>
> Basically, SPF means that you insert a TXT record into your DNS zone that
> specifies which IP-addresses and MX servers are allowed to send mail with
> a FROM that contains your domain name.
>

SPF breaks forwarding.  My domains used to publish SPF info until my customers
started complaining.  If anyone from your domain sends mail to someone who uses
a forwarding service (very common in virtual domain setups), your mail will be
dropped.

For instance, let's say I own foo.com, and have it hosted at a hosting company,
having any mail sent to it forwarded to my local ISP mail account.  A fairly
typical setup for a domain owner of a small set.  If my local ISP uses SPF, I
will no longer receive mail sent to foo.com.

My friend Bob sends the mail to foo.com, which then sends it to me.  The SPF for
Bob's domain doesn't list foo.com.  My mail gets dropped.

SPF is SERIOUSLY flawed.  Security is about getting the legitimate through while
blocking the bad.  SPF fails on this account.

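The forwarding case described in this message, as an added example that is not part of the original post: a minimal SPF check limited to the ip4/ip6/all mechanisms, run over constructed records in place of DNS. The domains bob.example and hosting.example, all IP addresses, and the rewritten-sender case are assumptions made for illustration.

```python
import ipaddress

# Constructed SPF TXT records (stand-ins for DNS lookups; not real data).
SPF_RECORDS = {
    "bob.example": "v=spf1 ip4:192.0.2.0/24 -all",         # Bob's domain
    "hosting.example": "v=spf1 ip4:198.51.100.0/24 -all",  # foo.com's forwarding host
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from):
    """Evaluate ip4/ip6/all for the MAIL FROM domain against the connecting IP."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        # Mechanisms that need DNS (a, mx, include) are skipped in this sketch.
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # SPF default when no mechanism matches


def scenario():
    """Results at the receiving ISP for three deliveries of Bob's mail."""
    return {
        # Bob's own server delivers directly.
        "direct": check_spf("192.0.2.10", "bob@bob.example"),
        # foo.com's host relays to the ISP, envelope sender unchanged.
        "forwarded": check_spf("198.51.100.25", "bob@bob.example"),
        # Assumption: the forwarder rewrites the envelope sender to its own domain.
        "rewritten": check_spf("198.51.100.25", "fwd-bob@hosting.example"),
    }


if __name__ == "__main__":
    for case, result in scenario().items():
        print(f"{case:10s} {result}")
```
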