Re: [Asrg] misconception in SPF

Christian Grunfeld <christian.grunfeld@gmail.com> Fri, 07 December 2012 02:09 UTC

Return-Path: <christian.grunfeld@gmail.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80B9421F86E2 for <asrg@ietfa.amsl.com>; Thu, 6 Dec 2012 18:09:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Level:
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FupqlL73CtUp for <asrg@ietfa.amsl.com>; Thu, 6 Dec 2012 18:09:45 -0800 (PST)
Received: from mail-ie0-f178.google.com (mail-ie0-f178.google.com [209.85.223.178]) by ietfa.amsl.com (Postfix) with ESMTP id C265021F86CC for <asrg@irtf.org>; Thu, 6 Dec 2012 18:09:45 -0800 (PST)
Received: by mail-ie0-f178.google.com with SMTP id c12so14106ieb.9 for <asrg@irtf.org>; Thu, 06 Dec 2012 18:09:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=m4SIihfa0mvoyuOyyMKL2XOwWeqx97mExA2AKW0Atyg=; b=vI3qwUR2UvEAGpe9vgZe5eReseZbUhE9GxpYS1X0mWe/Iu3M+QJvCxDvRLA1MbQady XQbRvgMFvhmdJh6BlGfpdYjeMc50yO21qtQ7ZAY8rMARavqFXmcsGoKpLsP88yDWHB6R 7HnvKkMaIFEZksKv62wVktkuN5OaWi4i/XpdB/IRQpKt+XPjBuQuw4E32qq0X+f1grX7 cIUU+KRDD/LKCW+4/5/iOkeg015HLvAt0CcwDrPhfatA8+XliwjldUBVdXQQzc+1bV1b jvuXbaXf9dHkSnerp+aYjqcT/mO2EbYinJ3tJ0zjNLa6/umJlPAGIdJwB2mRV4k9IW6V 5InQ==
MIME-Version: 1.0
Received: by 10.50.40.225 with SMTP id a1mr7917741igl.7.1354846185260; Thu, 06 Dec 2012 18:09:45 -0800 (PST)
Received: by 10.231.65.79 with HTTP; Thu, 6 Dec 2012 18:09:44 -0800 (PST)
In-Reply-To: <0D79787962F6AE4B84B2CC41FC957D0B20AC6B8F@ABN-EXCH1A.green.sophos>
References: <CAFduga=bjVh+cLLC5xnLR8b=zv7o-QoJtYBCMevEimiPdep0ZA@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20AC6B8F@ABN-EXCH1A.green.sophos>
Date: Thu, 06 Dec 2012 23:09:44 -0300
Message-ID: <CAFduga=KOu-PeRrz3GmDFC77OoeKBTQTNPmP6NwicvY+VUmjVA@mail.gmail.com>
From: Christian Grunfeld <christian.grunfeld@gmail.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Asrg] misconception in SPF
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Dec 2012 02:09:46 -0000

2012/12/6 Martijn Grooten <martijn.grooten@virusbtn.com>:

> You could also use aimport dot no (as some spammer sending a fake Twitter email did an hour ago). That domain doesn't have an SPF record either.

simple users are more confident if the sender seems real !

> As we're talking about the MAIL FROM in the SMTP envelope, which usually isn't shown to the user, I don't think this is a big problem.

faking From: header is as simple as faking MAIL FROM envelope !

> Perhaps your MTA or spam-filter does use the MAIL FROM in its decision whether to deliver the email or not. If it decides to deliver the message because it claims to come from Twitter, uses a subdomain of twitter.com and didn't fail SPF than that's very wrong. But I don't think it's SPF's fault.

I didn't say is SPF's fault. It's our fault