Thanks, but that isn't what I want....
I already want to use SPF...
In fact I want to use SPF-strict (a feature I once proposed many years ago and 
has been implemented ever since)

If one of the headers like Reply-to or envelope sender contains a domain on 
that shortlist (abn-amro.nl would be on there) that message may only be 
accepted when it comes from an IP of that domain's SPF-record....

An example (unlikely to happen)

An employer of that Dutch bank has the e-mail address b...@abn-amro.nl
That employer could go to his personal gmail-account and say he wants to send 
as b...@abn-amro.nl as well
Google will verify his address...  
And now he can send messages with his personal account, using a "send on behalf 
of b...@abn-amro.nl"

Although the SPF-record will be correct for that message, as it is still a 
gmail-address, I want that message blocked.

This is a bit of a strange example and phishing is not done with 
gmail-accounts, but still....
I hope you now get what I mean.

If things are still not clear I will publish that mail's headers, although I 
need to obfuscate some info....

Cheers



 
 
-----Original message-----
> From: Daniel Miller <dmil...@amfes.com>
> Sent: Wednesday 25 March 2015 18:14
> To: assp-test@lists.sourceforge.net
> Subject: Re: [Assp-test] Prevent certain domains to be used with ambiguous 
> origin (as anti-phishing)
> 
> The question is can you define a static list of sending IP's for a 
> domain?  If you can then ASSP can be told only to accept email for a 
> domain from those IP's.  There are several options for this.  One option 
> is use SPFoverride, and define a strict policy for the domain(s) in 
> question - assuming that's possible.  Another option is one Fritz put 
> forward long ago - a kind of "block everything but trusted" approach.
> 
> 1.  Identify the list of valid sending IP's.
> 2.  Add that list to noProcessingIPs
> 3.  Add the domain to blackListedDomains
> 4.  Ensure DoBlackDomainNP is unchecked
> 
> The advantage of using "true" SPF is the sender is able to modify their 
> own list of valid IP's - like when they change service providers.  The 
> disadvantage is they have to actually define and maintain that record.  
> Some organizations have embraced it but many haven't.
> 
> -- 
> Daniel
> 
> 
> 
> On 3/25/2015 1:01 AM, Jean-Pierre van Melis wrote:
> > Hi Grayhat.
> >
> > I probably used the wrong terminology....
> >
> > It's not checked by SPF because it's not coming from a bank....
> > It does however reply to a bank.... I don't have the message here, so I 
> > would need to check it again....
> >
> > No-one with good intentions (outside the bank itself) would use a domain of 
> > that bank.
> > I'm not afraid of false positives.
> > I think I could even block ALL mail coming from banks without losing any 
> > valuable mail, but I think it could be cleverer than that.
> > Banks are not using mail for any important stuff.
> > Phishing can do terrible things and we're expected to protect them from it.
> >
> > Can I send you an attachment with that false mail?
> >
> > I am talking about a very short list of domains that have to follow very 
> > strict rules.
> > Maybe something like it has to follow the SPF of that domain even if it's 
> > only used as a header.
> >
> > To be successful with phishing they at least have to mention @abn-amro.nl  
> > (the domain of that bank)
> >
> > Cheers
> >
> >
> >   
> > -----Original message-----
> >> From: Grayhat <gray...@gmx.net>
> >> Sent: Tuesday 24 March 2015 15:46
> >> To: assp-test@lists.sourceforge.net
> >> Subject: Re: [Assp-test] Prevent certain domains to be used with 
> >> ambiguous origin (as anti-phishing)
> >>
> >> :: On Tue, 24 Mar 2015 14:06:29 +0100
> >> :: <zarafa.55116155.be48.464ae5f7799bf59d@zarafa-server.mirmana.local>
> >> :: Jean-Pierre van Melis <j...@mirmana.com> wrote:
> >>
> >>> coming from banks that are local in my country. Some of these banks
> >>> use SPF-records and I've set all these domains to convert these
> >>> SPF-records to strict.
> >>>
> >>> This isn't enough because these spammers are now using
> >>> envelope-addresses and they are not scanned for SPF (well they
> >>> shouldn't be)
> >> uh... SPF *does* check envelope FROM ! It doesn't check the "mime" part
> >> of the message but that's by design; sure, one may decide to implement
> >> the SenderID and the so-called PRA mechanism
> >>
> >> https://tools.ietf.org/html/rfc4407
> >>
> >> but sincerely I'm not sure it would bring advantages and, for sure it
> >> may cause a whole lot of false-positives :P
> >>
> >>
> >> ------------------------------------------------------------------------------
> >> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> >> by Intel and developed in partnership with Slashdot Media, is your hub for all
> >> things parallel software development, from weekly thought leadership blogs to
> >> news, videos, case studies, tutorials and more. Take a look and join the
> >> conversation now. http://goparallel.sourceforge.net/
> >> _______________________________________________
> >> Assp-test mailing list
> >> Assp-test@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/assp-test
> >>
> 
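
The rule proposed at the top of this message (a shortlisted domain in a header such as Reply-To, or in the envelope sender, is only accepted from an IP in that domain's SPF record), sketched in Python as an added example that is not part of the original post and is not ASSP code. `bank.example`, its SPF record, the documentation IP ranges, the function names and the sample message are constructed; only `ip4:`/`ip6:` terms are evaluated, and checking From and Sender as well as holding subdomains to the parent's record are assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Constructed shortlist: placeholder domain with a made-up SPF record (documentation IPs).
PROTECTED_SPF = {"bank.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8:10::/48 -all"}
CHECKED_HEADERS = ("From", "Sender", "Reply-To")  # assumption: which headers to inspect


def spf_networks(record):
    """Networks from ip4:/ip6: terms only; include/a/mx would need DNS and are skipped."""
    nets = []
    for term in record.split()[1:]:
        mech = term.lstrip("+")
        if mech.lower().startswith(("ip4:", "ip6:")):
            nets.append(ipaddress.ip_network(mech[4:], strict=False))
    return nets


def domains_in_message(envelope_from, raw_message):
    """Lower-cased domains of the envelope sender and of every checked header address."""
    msg = message_from_string(raw_message)
    addrs = [envelope_from]
    for name in CHECKED_HEADERS:
        addrs += [addr for _, addr in getaddresses(msg.get_all(name, []))]
    return {a.rsplit("@", 1)[1].lower().rstrip(".") for a in addrs if "@" in a}


def strict_header_check(client_ip, envelope_from, raw_message):
    """Return (accept, reason); every shortlisted domain seen must authorise client_ip."""
    ip = ipaddress.ip_address(client_ip)
    for domain in sorted(domains_in_message(envelope_from, raw_message)):
        for protected, record in PROTECTED_SPF.items():
            # Policy assumption: subdomains are held to the parent domain's record.
            if domain == protected or domain.endswith("." + protected):
                if not any(ip in net for net in spf_networks(record)):
                    return False, f"{domain} used from unauthorised IP {client_ip}"
    return True, "ok"


# Constructed message: relayed by a webmail provider, bank address only in the headers.
SAMPLE = (
    "From: Support <b.user@bank.example>\r\n"
    "Sender: someone@webmail.example\r\n"
    "Reply-To: b.user@bank.example\r\n\r\nbody\r\n"
)

if __name__ == "__main__":
    print(strict_header_check("203.0.113.25", "someone@webmail.example", SAMPLE))
```

Ordinary SPF on the envelope sender would pass this sample, since the webmail provider is authorised for its own domain; the rejection comes only from the header domains.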
