
Re: [suse-security] Fwd: Undelivered Mail Returned to Sender



It's off topic for this list and I won't post again, but there are
mechanisms in SPF for your scenario.

Lyle
----- Original Message ----- 
From: <suse@xxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Friday, June 04, 2004 9:49 AM
Subject: Re: [suse-security] Fwd: Undelivered Mail Returned to Sender


> Quoting Markus Gaugusch <markus@xxxxxxxxxxx>:
> >
> > To prevent spoofing, you can enable SPF for your domain (SuSE should do so
> > as well, and also everybody else who reads this). See http://spf.pobox.com
> > for more information.
> >
> > Basically, SPF means that you insert a TXT record into your DNS zone that
> > specifies which IP-addresses and MX servers are allowed to send mail with
> > a FROM that contains your domain name.
> >
>
> SPF breaks forwarding.  My domains used to publish SPF info until my customers
> started complaining.  If anyone from your domain sends mail to someone who uses
> a forwarding service (very common in virtual domain setups), your mail will be
> dropped.
>
> For instance, let's say I own foo.com, and have it hosted at a hosting company,
> having any mail sent to it forwarded to my local ISP mail account.  A fairly
> typical setup for a domain owner of a small set.  If my local ISP uses SPF, I
> will no longer receive mail sent to foo.com.
>
> My friend Bob sends the mail to foo.com, which then sends it to me.  The SPF for
> Bob's domain doesn't list foo.com.  My mail gets dropped.
>
> SPF is SERIOUSLY flawed.  Security is about getting the legitimate through while
> blocking the bad.  SPF fails on this account.
>
> -- 
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>

