ISP phishing
Niels Bakker
niels=nanog at bakker.net
Thu Jun 30 08:27:29 UTC 2005
* dot at dotat.at (Tony Finch) [Wed 29 Jun 2005, 15:28 CEST]:
>On Wed, 29 Jun 2005, Peter Corlett wrote:
>>Tony Finch <dot at dotat.at> wrote:
>>[...]
>>>Actually, what you have to guarantee is that you never send email to
>>>anyone who forwards their email elsewhere. This is impossible.
>>How do you figure that?
>>
>>The failure mode in this case is if somebody arranges "dumb" mail
>>forwarding that doesn't do envelope rewriting, and also applies a SPF
>>filter on their incoming mail. The problem is quite clearly of the
>>recipient's making rather than any fault of the sender's.
>Most forwarding services do nothing but change the envelope recipient
>address, and this has been standard practice for many many years. Sites
>that do SPF checking on incoming email must take this into account if
>their users forward email from elsewhere. However most sites do not do so,
>partly because the SPF documentation doesn't make it clear that they must,
>and partly because it's basically impossible - for every user that
>forwards email to your site you must whitelist the IP addresses of the
>forwarding mail servers, and you can't find out what those IP addresses
>are or when they change.
How do I configure my router for that?
-- Niels.
--
The idle mind is the devil's playground
More information about the NANOG
mailing list