Re: [Asrg] misconception in SPF

"John Levine" <johnl@taugh.com> Mon, 10 December 2012 00:17 UTC

>...so the "vulnerability" exists! Maybe spammers don't know it yet!
>Don't you believe that a phish with these characteristics could be
>worse than others?

No, I don't see any reason to think that www.paypal.com is more likely
to fool users than paypaI.com.  Because of the way that Paypal uses
Akamai to distribute its load, adding a TXT record to www.paypal.com
would be rather difficult.

SPF has been around for about a decade.  If this hack were useful, I
think we can assume that spammers would use it.

R's,
John