Re: [Asrg] misconception in SPF
"John Levine" <johnl@taugh.com> Sun, 09 December 2012 19:16 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5AA121F843B for <asrg@ietfa.amsl.com>; Sun, 9 Dec 2012 11:16:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.306
X-Spam-Level:
X-Spam-Status: No, score=-106.306 tagged_above=-999 required=5 tests=[AWL=0.593, BAYES_00=-2.599, HABEAS_ACCREDITED_SOI=-4.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WrhXa2JvOlqd for <asrg@ietfa.amsl.com>; Sun, 9 Dec 2012 11:16:40 -0800 (PST)
Received: from leila.iecc.com (leila6.iecc.com [IPv6:2001:470:1f07:1126:0:4c:6569:6c61]) by ietfa.amsl.com (Postfix) with ESMTP id 06C0621F842C for <asrg@irtf.org>; Sun, 9 Dec 2012 11:16:39 -0800 (PST)
Received: (qmail 44584 invoked from network); 9 Dec 2012 19:16:36 -0000
Received: from leila.iecc.com (64.57.183.34) by mail1.iecc.com with QMQP; 9 Dec 2012 19:16:36 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:vbr-info; s=50c4e394.xn--btvx9d.k1211; i=johnl@user.iecc.com; bh=sIXqkKonlFqnktUfsasjhmVMJ5zMXXjHI/PWTdU+hYk=; b=z7chItU1Qqoxd8CM3eO6VUlX5sTNl7jPAn2DG7oNkk5tScBOieDGojNc+QbyIdXdTjg27287xraPe4gUYOl6GYQtzGMkbOUA2o/U4SOpGG3WIBf3tFRjOsZAWUMJ51b9xwTzQDVWiWI2DkkR3eF9WDIuzSuClrgT7LdoY+o64v0=
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:vbr-info; s=50c4e394.xn--btvx9d.k1211; olt=johnl@user.iecc.com; bh=sIXqkKonlFqnktUfsasjhmVMJ5zMXXjHI/PWTdU+hYk=; b=J8CAY9oHEKMno8Um8Fqujy8Jn28hEC4/F5ucL/ePagegEiqT5gGyPf4xw6WErag6b/qR3iVje7u36MF8mSH5/fo/4IQHM+6ZlNHwJF8Ysavllf33FEMcLpJJaOk6jfNWguWNFZacpPZChPI9HuoJs3iVlaNHLtIznXRP4xTSASQ=
VBR-Info: md=iecc.com; mc=all; mv=dwl.spamhaus.org
Date: Sun, 09 Dec 2012 19:16:14 -0000
Message-ID: <20121209191614.11143.qmail@joyce.lan>
From: John Levine <johnl@taugh.com>
To: asrg@irtf.org
In-Reply-To: <0D79787962F6AE4B84B2CC41FC957D0B20ACE6D0@ABN-EXCH1A.green.sophos>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 7bit
Subject: Re: [Asrg] misconception in SPF
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Dec 2012 19:16:40 -0000
>> a forged email pass anyway No antiforgery scheme can defend against fakes that only sort of match the forgery target. We call this the paypai problem. The only approach I can see that has any hope of success is to figure out some way to mark real mail from a category of targets (banks, say) in a way that bad guys can't fake. But this is specific to each target group. The fact that mail from me doesn't have a seal saying that it's from a bank doesn't mean that it's forged or otherwise bad. >> I think is a misunderstanding of a huge part of the operators > >Is it? Have you evidence, even if it is only anecdotal, that such a misunderstanding exists? I'm with Martijn. Other than the test message you sent the other day, I don't think I have ever seen a phish that used a subdomain of the target. Ever.
- Re: [Asrg] misconception in SPF John Levine
- [Asrg] misconception in SPF Christian Grunfeld
- Re: [Asrg] misconception in SPF Christian Grunfeld
- Re: [Asrg] misconception in SPF Derek Diget
- Re: [Asrg] misconception in SPF Martijn Grooten
- Re: [Asrg] misconception in SPF John Levine
- Re: [Asrg] misconception in SPF Christian Grunfeld
- Re: [Asrg] misconception in SPF Paul Smith
- Re: [Asrg] misconception in SPF Christian Grunfeld
- Re: [Asrg] misconception in SPF Andrew Sullivan
- Re: [Asrg] misconception in SPF Paul Smith
- Re: [Asrg] misconception in SPF darxus
- Re: [Asrg] misconception in SPF SM
- Re: [Asrg] misconception in SPF darxus
- Re: [Asrg] misconception in SPF Daniel Feenberg
- Re: [Asrg] misconception in SPF Paul Smith
- Re: [Asrg] misconception in SPF John Levine
- Re: [Asrg] various anti-spam techniques, was misc… John Levine
- Re: [Asrg] various anti-spam techniques, was misc… Rich Kulawiec
- Re: [Asrg] misconception in SPF SM
- Re: [Asrg] misconception in SPF Bill Cole
- Re: [Asrg] various anti-spam techniques, was misc… Christian Grunfeld
- Re: [Asrg] various anti-spam techniques, was misc… John Levine
- Re: [Asrg] misconception in SPF John Levine
- Re: [Asrg] misconception in SPF Alessandro Vesely
- Re: [Asrg] misconception in SPF Bill Cole
- Re: [Asrg] misconception in SPF Paul Smith
- Re: [Asrg] misconception in SPF Andrew Sullivan
- Re: [Asrg] misconception in SPF SM
- Re: [Asrg] misconception in SPF Dave Crocker
- Re: [Asrg] misconception in SPF Christian Grunfeld
- Re: [Asrg] misconception in SPF Dave Crocker
- Re: [Asrg] misconception in SPF Martijn Grooten
- Re: [Asrg] misconception in SPF John Levine
- Re: [Asrg] misconception in SPF Seth
- Re: [Asrg] misconception in SPF Christian Grunfeld
- Re: [Asrg] misconception in SPF John Levine
- Re: [Asrg] misconception in SPF John Levine
- Re: [Asrg] misconception in SPF Franck Martin
- Re: [Asrg] misconception in SPF Martijn Grooten
- Re: [Asrg] misconception in SPF Paul Smith
- Re: [Asrg] misconception in SPF Alessandro Vesely
- Re: [Asrg] misconception in SPF Martijn Grooten
- Re: [Asrg] misconception in SPF Dotzero
- Re: [Asrg] misconception in SPF Rich Kulawiec
- Re: [Asrg] misconception in SPF Christian Grunfeld
- Re: [Asrg] misconception in SPF Dave Crocker
- Re: [Asrg] misconception in SPF Chris Lewis
- [Asrg] whitelisting links (was Re: misconception … Dave Crocker
- Re: [Asrg] misconception in SPF Martijn Grooten
- Re: [Asrg] misconception in SPF Dave Crocker
- Re: [Asrg] misconception in SPF Christian Grunfeld
- Re: [Asrg] whitelisting links (was Re: misconcept… Paul Smith
- Re: [Asrg] misconception in SPF Martijn Grooten
- Re: [Asrg] whitelisting links (was Re: misconcept… Martijn Grooten
- Re: [Asrg] whitelisting links (was Re: misconcept… darxus
- Re: [Asrg] misconception in SPF Eggert, Lars
- Re: [Asrg] misconception in SPF Christian Grunfeld
- Re: [Asrg] whitelisting links (was Re: misconcept… Dave Crocker
- Re: [Asrg] whitelisting links (was Re: misconcept… Martijn Grooten
- Re: [Asrg] whitelisting links (was Re: misconcept… Michael Thomas
- Re: [Asrg] misconception in SPF John Levine
- Re: [Asrg] misconception in SPF Chris Lewis
- Re: [Asrg] whitelisting links (was Re: misconcept… Paul Smith
- Re: [Asrg] whitelisting links (was Re: misconcept… Steve Atkins
- Re: [Asrg] whitelisting links (was Re: misconcept… Martijn Grooten
- Re: [Asrg] whitelisting links (was Re: misconcept… Dave Crocker
- Re: [Asrg] whitelisting links (was Re: misconcept… Martijn Grooten
- Re: [Asrg] whitelisting links (was Re: misconcept… Christian Grunfeld
- Re: [Asrg] whitelisting links (was Re: misconcept… Dave Crocker
- Re: [Asrg] whitelisting links (was Re: misconcept… Chris Lewis
- Re: [Asrg] misconception in SPF Alessandro Vesely
- Re: [Asrg] whitelisting links (was Re: misconcept… Paul Smith
- Re: [Asrg] whitelisting links (was Re: misconcept… Martijn Grooten
- Re: [Asrg] misconception in SPF Martijn Grooten
- Re: [Asrg] whitelisting links (was Re: misconcept… Rich Kulawiec
- Re: [Asrg] whitelisting links (was Re: misconcept… Michael Thomas
- Re: [Asrg] misconception in SPF John Levine
- Re: [Asrg] whitelisting links (was Re: misconcept… John Johnson
- Re: [Asrg] misconception in SPF John Johnson
- Re: [Asrg] whitelisting links (was Re: misconcept… Michael Thomas
- Re: [Asrg] whitelisting links (was Re: misconcept… John Levine
- Re: [Asrg] misconception in SPF Dotzero
- Re: [Asrg] misconception in SPF John Levine
- Re: [Asrg] misconception in SPF Laura Atkins
- Re: [Asrg] DMARC, was misconception in SPF John Levine