Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Authenticate Us From Evil » Why no revision to SMTP to include authentication?
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Post a:
Post a:
« limit the number of outgoing emails  
AuthorAll Replies


TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Brooklyn NYC
·Verizon Online DSL

reply to fantomposter
Re: Why no revision to SMTP to include authenticat

said by fantomposter See Profile:

Spammer controls his domain. He can set up DNS and SPF any way he wants to point to any machine he wants.
Any machine with an A record within his domain.

said by fantomposter See Profile:
So he lists the comcast trojaned machine as his domains mail server. And SPF fails.
He can't! He is not listed as authoritave for comcast IP's, he can use a redirect mechinism, but that does the oposite of what he wants.

My smtp server gets a connect from that trojened comcast machine, my server checks with COMCAST DNS for spf, not his DNS...

Think of SPF as an extension of MX. Only a list of a domains allowed "sending" servers instead of receiving servers (MX).

Spammer is toast!
--
Motor Vessel - Tamara B. - 43' Long-Range Trawler Cape Elizebeth ME.»www.tamara-b.org
to forum · permalink · · 2004-06-21 03:27:29 · Reply to this

fantomposter
Phantom Poster
Premium
join:2002-09-21
Independence, OH
said by TamaraB See Profile:

He can't! He is not listed as authoritave for comcast IP's, he can use a redirect mechinism, but that does the oposite of what he wants.
I have not seen a spec on SPF that says you check IP addresses. It only checks the SPF records for the domain name in the from field.

quote:

My smtp server gets a connect from that trojened comcast machine, my server checks with COMCAST DNS for spf, not his DNS...
You got that backwards. That is not what SPF does. If I have that wrong point me to a website that explains it is otherwise.

All SPF does is check the authoritative DNS for the DOMAIN name in the from field. It checks the DNS records for that domain name and makes sure there is an SPF record that shows the sending computers IP address. If spammer controls his own domain name then he can put any IP address he wants in the SPF record.

Check here: »spf.pobox.com/faq.html

And scroll down to the part where the headline is:

"It doesn't really prevent spam. Spammers can always get throwaway domains, etc."

Don't get me wrong, SPF is needed, to fix the virus bounces and the forged from address's in spam, it does a great job of that, but not much more.
to forum · permalink · · 2004-06-21 08:27:32 · Reply to this
Forums » Authenticate Us From Evil« limit the number of outgoing emails  

Monday, 09-Nov 11:32:29 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [30] VoIP Over 3G Still Not Working For iPhone
· [16] Bill Would Force ISPs To Block Financial Scams
· [7] Clearwire To Get Another $1.5 Billion
· [4] Mediacom Hints At 50, 100 Mbps Speeds
· [2] 15 States Have Now Gotten Broadband Mapping Money
Most people now reading
· Divorce advice... [General Questions]
· 60 Minutes piece on cyber security last night [Security]
· My cat is reluctant to exercise. [General Questions]
· Framed for child porn 151; by a PC virus [Security]
· [WIN7] Which Services in Win 7 Have You Turned Off? [Microsoft Help]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· [Rant] Brand New 'Jasper' Xbox360 - RRoD Hardware Failure [Rants, Raves, and Praise]
· Security Software Updates - 09 Nov 2009 [Security]
· Connecting to Google Voice Via SIP [VOIP Tech Chat]