IETF Logo Mail Archive

Re: [Asrg] misconception in SPF

Christian Grunfeld <christian.grunfeld@gmail.com> Mon, 10 December 2012 17:00 UTC

Return-Path: <christian.grunfeld@gmail.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CA4821F8532 for <asrg@ietfa.amsl.com>; Mon, 10 Dec 2012 09:00:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.38
X-Spam-Level:
X-Spam-Status: No, score=-3.38 tagged_above=-999 required=5 tests=[AWL=0.219, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N3huOw6lObua for <asrg@ietfa.amsl.com>; Mon, 10 Dec 2012 09:00:51 -0800 (PST)
Received: from mail-vb0-f54.google.com (mail-vb0-f54.google.com [209.85.212.54]) by ietfa.amsl.com (Postfix) with ESMTP id A60EF21F8528 for <asrg@irtf.org>; Mon, 10 Dec 2012 09:00:51 -0800 (PST)
Received: by mail-vb0-f54.google.com with SMTP id l1so3526422vba.13 for <asrg@irtf.org>; Mon, 10 Dec 2012 09:00:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=UxqxRq/yBYlhlsQURwZGbQ55gYMQkZmVBTX6rPDgZ5A=; b=MegpptizEMyVJ2WQok2qRKxrD9TRV2QxrMsxVqsKe0Enbx+kWRQAt31bdAJ4z690eq M625okdnHIbv4CCoth9nZmN9g6vbbrbJ7HaMEDgc/IQxW0bPk/wMC+T4DVtcteHQle4A 4I75ah/fWdLaXZMqCXUWYBO/hFQJjiLXPGw2Gl5AUeOzjYUSoYsiNVD2O7vTDhTPiuR9 5ulVsUzQ4edTFDdMrJcaJDw9R8ALVdDnT6eyL/UlMsUgfR2IgETdvesZhY1wJkVPrrfi zIoXBOnacQPFk5FxUxb/uGlul8nvPpKDtEb9e35MvoTx48i6yy5IEMLSmcn+pAaJOFmz cGkg==
MIME-Version: 1.0
Received: by 10.220.239.143 with SMTP id kw15mr9108989vcb.62.1355158850727; Mon, 10 Dec 2012 09:00:50 -0800 (PST)
Received: by 10.58.235.131 with HTTP; Mon, 10 Dec 2012 09:00:50 -0800 (PST)
In-Reply-To: <50C60F9E.1060202@mustelids.ca>
References: <20121206212116.10328.qmail@joyce.lan> <50C1A95A.5000001@pscs.co.uk> <50C4A7F8.3010201@dcrocker.net> <CAFdugamTbTirVV2zXKOmc9oTaCS+QiTemhT=jvYJnHYscHQK7g@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20ACE6D0@ABN-EXCH1A.green.sophos> <20121209213307.D90C12429B@panix5.panix.com> <CAFduganBR_E-ui-3Xbic6F7qSmg1-Q+ideXLvb+1isLz8OF0Nw@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20ACFFE1@ABN-EXCH1A.green.sophos> <50C5A9A0.105@pscs.co.uk> <0D79787962F6AE4B84B2CC41FC957D0B20AD01B2@ABN-EXCH1A.green.sophos> <20121210145627.GA21217@gsp.org> <CAFdugakdqoN7S2YuWEVHo_YaOZJTPKt1w7tdcn8oasB=gb+qcg@mail.gmail.com> <50C60F9E.1060202@mustelids.ca>
Date: Mon, 10 Dec 2012 14:00:50 -0300
Message-ID: <CAFdugakaY6Lh_5HR8xN7YqrimO9nM72mpxtLwE7T0CpKFu75tA@mail.gmail.com>
From: Christian Grunfeld <christian.grunfeld@gmail.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Asrg] misconception in SPF
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Dec 2012 17:00:52 -0000

2012/12/10 Chris Lewis <clewis+ietf@mustelids.ca>ca>:

> You mean like this?
>
> _spf.google.com.        300     IN      TXT     "v=spf1 include:_netblocks.google.com ?all"


google´s domain for sending mail is gmail.com.
gmail.com is a virtual domain with no subdomains (afaik) and is mapped
onto google, so if you check the senders no aa@bb.gmail.com could pass
even using SPF or not.

as you said, if you dig:

dig -t txt gmail.com
;; ANSWER SECTION:
gmail.com.              244     IN      TXT     "v=spf1
redirect=_spf.google.com"

dig -t txt _spf.google.com
;; ANSWER SECTION:
_spf.google.com.        300     IN      TXT     "v=spf1
include:_netblocks.google.com ?all"

if you dig a bit more:

dig -t txt www.google.com

you get no answer because there is not SPF record for www.google.com,
so you can forge emails as if they come from www.google.com even if
there exists an SPF record for google.com !

v2.8.7 | Report a Bug | By Email