Re: [Asrg] misconception in SPF
Christian Grunfeld <christian.grunfeld@gmail.com> Sun, 09 December 2012 23:39 UTC
Return-Path: <christian.grunfeld@gmail.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A998C21F846B for <asrg@ietfa.amsl.com>; Sun, 9 Dec 2012 15:39:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.307
X-Spam-Level:
X-Spam-Status: No, score=-3.307 tagged_above=-999 required=5 tests=[AWL=0.292, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rCWy7Ui2sDiE for <asrg@ietfa.amsl.com>; Sun, 9 Dec 2012 15:39:08 -0800 (PST)
Received: from mail-ia0-f182.google.com (mail-ia0-f182.google.com [209.85.210.182]) by ietfa.amsl.com (Postfix) with ESMTP id 2DC8321F8681 for <asrg@irtf.org>; Sun, 9 Dec 2012 15:39:08 -0800 (PST)
Received: by mail-ia0-f182.google.com with SMTP id x2so3994933iad.13 for <asrg@irtf.org>; Sun, 09 Dec 2012 15:39:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=8Mm9beYAhjcIc0npF248jAxKdznCBOoZttKomhjVvKs=; b=w7TKCvlKgSmez4asEkG8swhVQVVm946f1sAP38+/gMww1z00yLkBJEGhTxY3UX4IPb tN1fwaMTk1+yau+EAypVP6X3flMap5LlaBz8EG23rRYodV+2lykCgO92rwuNCSDy8li7 ewkyWHZtnWd/meX8U1CpbLPWx731jKBjn4Pv7S1pVpisuRIE6qThYMQHK4S+ZsY4ZcA+ Jjgs7SFb43WopqVSkC7DmmX+4ygX/3pUSL4FRj0+tLwLgRelbfiOp2884aUWINrWcAOU OmfhaHZNDMK8pZeh7Oppge687S7sgG0542HI8JbM/xIugjxL8IYFNi7HJGOwzW0TQU6D H3zg==
MIME-Version: 1.0
Received: by 10.50.40.225 with SMTP id a1mr5083327igl.7.1355096347614; Sun, 09 Dec 2012 15:39:07 -0800 (PST)
Received: by 10.231.65.79 with HTTP; Sun, 9 Dec 2012 15:39:07 -0800 (PST)
In-Reply-To: <20121209213307.D90C12429B@panix5.panix.com>
References: <20121206212116.10328.qmail@joyce.lan> <50C1A95A.5000001@pscs.co.uk> <50C4A7F8.3010201@dcrocker.net> <CAFdugamTbTirVV2zXKOmc9oTaCS+QiTemhT=jvYJnHYscHQK7g@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20ACE6D0@ABN-EXCH1A.green.sophos> <20121209213307.D90C12429B@panix5.panix.com>
Date: Sun, 09 Dec 2012 20:39:07 -0300
Message-ID: <CAFduganBR_E-ui-3Xbic6F7qSmg1-Q+ideXLvb+1isLz8OF0Nw@mail.gmail.com>
From: Christian Grunfeld <christian.grunfeld@gmail.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Asrg] misconception in SPF
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Dec 2012 23:39:08 -0000
> There is no way for the owner of the overlying domain (who also owns
> the subdomain) to force such email to FAIL. There should be a way to
> specify "all valid email from this domain and subdomains comes only
> from this set of IPs and no others" and SPF fails to provide one.
> That's a weakness in the structure of SPF which ought to be fixed.

There is! You have to publish your sending IPs and also your non-sending IPs/hosts/subdomains.

> I'm with Martijn. Other than the test message you sent the other day,
> I don't think I have ever seen a phish that used a subdomain of the
> target. Ever.

...so the "vulnerability" exists! Maybe spammers don't know it yet! Don't you believe that a phish with these characteristics could be worse than others?

At my institution I have told my users to check mail headers whenever possible. They are physicists ... the ones who invented the www some time ago, so they have some skill level to do it. I always told them: do not believe what you see in the From:, also check the envelope and any hop in between! ...but what will I say to them when they'll see mails "coming" from a subdomain of the real domain that the mail claims to be from and no checks failed? I personally think this kind of phishing is worse than the common ones!

For the ones that said we are treating SPF as the FUSSP or the best solution... the answer is no! I use SMTP level client checks, HELO checks, sender checks, recipient checks, rate limits, SPF, DKIM, greylists, SpamAssassin, etc. SPF is only one of them, of which we are now discussing a misconception, misunderstanding or what you prefer. We can also discuss any of the other methods.
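The point under discussion (SPF records are looked up for the exact MAIL FROM domain and do not "walk up" to the parent, so a subdomain with no record gets "none" unless the owner publishes its own "v=spf1 -all") can be shown with a toy evaluator. This is an added example, not code from the thread; the zone data is constructed and stands in for DNS TXT lookups.

```python
import ipaddress

# Constructed zone data standing in for DNS TXT lookups (not real records).
# example.org publishes a strict record, nomail.example.org explicitly says it
# never sends, and orphan.example.org deliberately has no SPF record at all.
ZONE = {
    "example.org":        "v=spf1 ip4:192.0.2.0/24 -all",
    "nomail.example.org": "v=spf1 -all",
}

def spf_lookup(domain):
    """Return the SPF record for exactly this name. SPF never consults the
    parent domain, so a subdomain without its own record is unprotected."""
    return ZONE.get(domain)

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Minimal RFC 7208 style evaluation supporting ip4, include and all.
    Returns one of: none, pass, fail, softfail, neutral, permerror."""
    record = spf_lookup(domain)
    if record is None:
        return "none"          # no record: receiver learns nothing
    if depth > 10:
        return "permerror"     # include loop / too many lookups
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            # IPv6 sources never match an ip4 network, which is what we want
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            matched = check_host(ip, term[8:], depth + 1) == "pass"
        else:
            return "permerror"   # mechanism not supported by this toy evaluator
        if matched:
            return RESULT[qualifier]
    return "neutral"             # nothing matched and no "all" term
```

Run check_host("198.51.100.9", "orphan.example.org") to see the "none" that makes the subdomain usable for spoofing, versus "fail" for nomail.example.org, which published its own "-all".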