----- Original Message ----- 
From: "Cor Bosman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 10, 2004 4:06 AM
Subject: Re: [Mimedefang] Deadline for SPF records


> > Let's say that the SPF record for futuresource.com says that the
> > allowed relay is mail.futuresource.com. This means that mail coming
> > from mail.futuresource.com (as the relay) is legitimate and that all
> > other mail is likely to be forged. Now, why would
> > mail.futuresource.com allow someone to spoof the envelope sender from
> > its own domain? For example, my mail server has been configured to
> > check all envelope sender addresses which are from local domains.
> > Therefore, I can't send a message with an envelope sender of
> > [EMAIL PROTECTED] If SPF was widely adopted, these two
> > measures would effectively stop forgery of all wiktel.com addresses.
>
> Do you also check [EMAIL PROTECTED]

If notfakeusername is a valid hotmail user, hotmail's mail server should be
able to verify that.  If hotmail also implements SPF, you can verify that
the mail actually came from a hotmail server.

> What about people sending email themselves but receiving through your MX?

SPF will allow your mail server to verify that the mail they're receiving
is really coming from where it says it is - sort of.  Granted, Spam that
comes from a domain not using SPF can't be verified.  But as mentioned
before, it will stop bounces.

> What about people that have access through another company with
> one of your domains but they aren't using your mailserver with
> authentication?

You mean like an employee on the road using a hotel's ISP or at a
wireless hotspot connecting back to your mail server to send mail
as from your company?  _Make_ them use authentication.  Although
as I mentioned in an earlier message, I don't know if the current
(E)SMTP authentication encrypts the password or sends it in
cleartext.

> What about receiving email from [EMAIL PROTECTED] from a mailserver
> that isn't listed as being from AOL, to a valid customer of yours?

I receive that sort of Spam mail all the time.  If they're really an AOL
customer, they should be using an AOL mail server.


_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
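
The receiver-side check discussed in this thread, as an added example that is not part of the original message or of MIMEDefang: a simplified SPF evaluator covering only the `ip4`, `a`, `include` and `all` mechanisms. The domains, records and addresses are constructed (documentation ranges) and a dictionary stands in for DNS lookups.

```python
import ipaddress

# Constructed zone data standing in for DNS TXT and A lookups.
TXT = {
    "example.com": "v=spf1 a:mail.example.com -all",
    "example.net": "v=spf1 ip4:198.51.100.0/24 include:example.com ~all",
}
A = {"mail.example.com": ["192.0.2.25"]}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, mail_from, depth=0):
    """Evaluate the envelope sender's SPF record against the connecting IP."""
    if depth > 10:                      # guard against include loops
        return "permerror"
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                   # no SPF published: nothing to verify
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            hosts = A.get(arg or domain, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        elif name == "include":         # matches only if the included policy passes
            matched = check_spf(client_ip, "x@" + arg, depth + 1) == "pass"
        else:
            return "permerror"          # mechanism outside this example's subset
        if matched:
            return RESULTS[qualifier]
    return "neutral"                    # nothing matched and no "all" term

if __name__ == "__main__":
    for ip, sender in [("192.0.2.25", "user@example.com"),     # listed relay
                       ("203.0.113.7", "user@example.com"),    # unlisted relay
                       ("203.0.113.7", "user@example.org")]:   # no SPF record
        print(ip, sender, check_spf(ip, sender))
```

The `none` result is the case raised above where a domain that does not publish SPF cannot be verified; `fail` is the case of mail claiming a domain from a server that domain does not list.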