Re: [dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

2024-03-12 Thread Scott Kitterman
On March 12, 2024 11:42:11 PM UTC, John Levine wrote:
>It appears that Scott Kitterman said:
>>Or, as RFC 4408 and RFC 7208 warn against, ESPs don't allow customers to send
>>mail for anything other than their own domains. ESP customers, don't use
>>ESPs that do this.
>
>It's not just

Re: [dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

2024-03-12 Thread Mark Alley
On 3/12/2024 6:42 PM, John Levine wrote:
> It appears that Scott Kitterman said:
>> Or, as RFC 4408 and RFC 7208 warn against, ESPs don't allow customers to send mail for anything other than their own domains. ESP customers, don't use ESPs that do this.
> It's not just ESPs. There's a widely

Re: [dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

2024-03-12 Thread John Levine
It appears that Scott Kitterman said:
>Or, as RFC 4408 and RFC 7208 warn against, ESPs don't allow customers to send
>mail for anything other than their own domains. ESP customers, don't use ESPs
>that do this.

It's not just ESPs. There's a widely reported bug that lets anyone whose mail is

Re: [dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

2024-03-12 Thread Scott Kitterman
On March 12, 2024 5:37:47 PM UTC, Richard Clayton wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>In message , Scott
>Kitterman writes
>
>>Or, as RFC 4408 and RFC 7208 warn against, ESPs don't allow customers to send
>>mail for anything other than their own domains. ESP

Re: [dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

2024-03-12 Thread Neil Anuskiewicz
> On Mar 11, 2024, at 10:38 PM, Neil Anuskiewicz wrote:
>
> The solution to that vulnerability is in part use a subdomain and, when
> possible, narrow the scope of what you permit. Better yet, choose a vendor
> that’s known for tight security. A quick look at the security headlines

Re: [dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

2024-03-12 Thread Neil Anuskiewicz
On Mar 12, 2024, at 9:05 AM, Dotzero wrote:
> Neil, SPF essentially deals with hosts and IP address ranges. Your suggested solution does not address the main problem(s) raised in the research.
> One approach that potentially addresses the SPF problem of shared hosting would be for ESPs to use IPv6

Re: [dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

2024-03-12 Thread Richard Clayton
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message , Scott Kitterman writes
>Or, as RFC 4408 and RFC 7208 warn against, ESPs don't allow customers to send
>mail for anything other than their own domains. ESP customers, don't use ESPs
>that do this.

leaving aside how practical this

Re: [dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

2024-03-12 Thread Scott Kitterman
Or, as RFC 4408 and RFC 7208 warn against, ESPs don't allow customers to send mail for anything other than their own domains. ESP customers, don't use ESPs that do this.

Scott K

On March 12, 2024 4:05:15 PM UTC, Dotzero wrote:
>Neil, SPF essentially deals with hosts and IP address ranges.

Re: [dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

2024-03-12 Thread Dotzero
Neil, SPF essentially deals with hosts and IP address ranges. Your suggested solution does not address the main problem(s) raised in the research. One approach that potentially addresses the SPF problem of shared hosting would be for ESPs to use IPv6 address space for sending. Each customer can

Re: [dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

2024-03-11 Thread Neil Anuskiewicz
The solution to that vulnerability is in part use a subdomain and, when possible, narrow the scope of what you permit. Better yet, choose a vendor that’s known for tight security. A quick look at the security headlines will show you some vendor red flags. But the sad state of SPF is a
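The subdomain-and-narrow-scope advice in Neil Anuskiewicz's message above, and the per-tenant IPv6 prefix idea in Dotzero's reply to it, shown as an added example that is not part of any message in this thread and not code from the BreakSPF authors. It is a minimal RFC 7208 check_host() over a constructed, fictional zone (the domains, the ESP name and every address are assumptions for illustration; only the ip4, ip6, include and all mechanisms are handled, and no real DNS is consulted).

```python
import ipaddress

# Constructed records for this example only; the domains, addresses and ESP are fictional.
# Scenario A: the organizational domain authorizes a shared ESP pool directly.
ZONE_SHARED = {
    "example.com": "v=spf1 ip4:198.51.100.10 include:_spf.esp.example -all",
    # One IPv4 pool that every tenant of the (fictional) ESP sends from.
    "_spf.esp.example": "v=spf1 ip4:192.0.2.0/24 -all",
}

# Scenario B: ESP traffic moves to a dedicated subdomain with a narrow record, and the
# ESP gives this tenant its own IPv6 prefix instead of a slot in the shared IPv4 pool.
ZONE_NARROW = {
    "example.com": "v=spf1 ip4:198.51.100.10 -all",
    "bulk.example.com": "v=spf1 ip6:2001:db8:aa::/64 -all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(zone, ip, domain, depth=0):
    """Subset of RFC 7208 check_host(): ip4, ip6, include and all, evaluated left to right.

    `zone` stands in for DNS (a dict of name -> TXT record). Returns one of
    pass / fail / softfail / neutral / none / permerror.
    """
    if depth > 10:                       # RFC 7208 section 4.6.4 lookup limit
        return "permerror"
    record = zone.get(domain.lower())
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")   # split on the first colon only, so ip6 args survive
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = net.version == addr.version and addr in net
        elif mech == "include":
            sub = check_host(zone, ip, arg, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"       # RFC 7208 section 5.2: missing include target is an error
            matched = sub == "pass"
        else:
            return "permerror"           # a, mx, ptr, exists and redirect are not modelled here
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                     # nothing matched and no 'all' term present


def scenario_results():
    """Who passes SPF for the org domain and the sending subdomain in each scenario."""
    own_mta = "198.51.100.10"            # the org's own mail server (fictional)
    other_tenant_v4 = "192.0.2.77"       # any other customer inside the shared ESP pool
    own_esp_v6 = "2001:db8:aa::25"       # this tenant's dedicated prefix at the ESP
    other_tenant_v6 = "2001:db8:bb::25"  # a different tenant's dedicated prefix
    return {
        "shared/example.com/own_mta": check_host(ZONE_SHARED, own_mta, "example.com"),
        "shared/example.com/other_tenant": check_host(ZONE_SHARED, other_tenant_v4, "example.com"),
        "narrow/example.com/other_tenant": check_host(ZONE_NARROW, other_tenant_v4, "example.com"),
        "narrow/bulk/own_esp": check_host(ZONE_NARROW, own_esp_v6, "bulk.example.com"),
        "narrow/bulk/other_tenant": check_host(ZONE_NARROW, other_tenant_v6, "bulk.example.com"),
    }


if __name__ == "__main__":
    for label, result in scenario_results().items():
        print(f"{label:40} {result}")
```

The second result is the shared-infrastructure problem in miniature: once example.com's record includes the shared pool, any host in that pool, i.e. any other tenant of the ESP, gets an SPF pass for the organizational domain. After narrowing, the same host fails for example.com and only the tenant's own prefix passes, and only for bulk.example.com, which a DMARC policy can evaluate separately from the organizational domain. The caveat is the one Scott Kitterman's quoted warning makes: SPF authorizes addresses, not customers, so a dedicated prefix only helps if the ESP does not let other tenants send from it.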

[dmarc-ietf] Fwd: The sad state of SPF: research just presented at NDSS

2024-03-04 Thread Chuhan Wang
Hi Everyone, I am Chuhan Wang from Tsinghua University, the author of the paper BreakSPF: How Shared Infrastructures Magnify SPF Vulnerabilities Across the Internet. Thanks Barry for sharing our paper presented at NDSS regarding the vulnerabilities of SPF in this work group. I'm glad to see that