The question is: can you define a static list of sending IPs for a 
domain?  If you can, then ASSP can be told to accept email for a 
domain only from those IPs.  There are several options for this.  One option 
is to use SPFoverride and define a strict policy for the domain(s) in 
question - assuming that's possible.  Another option is one Fritz put 
forward long ago - a kind of "block everything but trusted" approach.

1.  Identify the list of valid sending IPs.
2.  Add that list to noProcessingIPs.
3.  Add the domain to blackListedDomains.
4.  Ensure DoBlackDomainNP is unchecked.

The advantage of using "true" SPF is the sender is able to modify their 
own list of valid IPs - like when they change service providers.  The 
disadvantage is they have to actually define and maintain that record.  
Some organizations have embraced it but many haven't.

-- 
Daniel
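
The "block everything but trusted" decision as a stand-alone model, added here as an example; it is not part of the original message and not ASSP code. It goes beyond the four steps by also checking the From, Reply-To and Sender headers, the case raised in the quoted message below where the envelope sender belongs to another domain; `bank.example`, the networks and all function names are constructed.

```python
import ipaddress
from email.utils import parseaddr

# Constructed policy: protected domain -> networks allowed to send as it.
# In the ASSP steps above, blackListedDomains and noProcessingIPs hold these two lists.
PROTECTED = {
    "bank.example": [ipaddress.ip_network("192.0.2.0/28"),
                     ipaddress.ip_network("198.51.100.25/32")],
}
CHECKED_HEADERS = ("From", "Reply-To", "Sender")

def domain_of(value):
    """Lower-cased domain of a mailbox string, or '' when there is none."""
    addr = parseaddr(value)[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def protected_match(domain):
    """Protected domain that `domain` equals or is a subdomain of, else None."""
    for name in PROTECTED:
        if domain == name or domain.endswith("." + name):
            return name
    return None

def verdict(client_ip, mail_from, headers):
    """Block if a protected domain is claimed anywhere and the IP is not allowlisted."""
    ip = ipaddress.ip_address(client_ip)
    claims = [("envelope", mail_from)]
    claims += [(h, headers.get(h, "")) for h in CHECKED_HEADERS]
    for where, value in claims:
        name = protected_match(domain_of(value))
        if name and not any(ip in net for net in PROTECTED[name]):
            return ("block", where, name)
    return ("accept", None, None)

# Constructed sample deliveries: (connecting IP, envelope sender, headers)
SAMPLES = [
    ("192.0.2.5", "notice@bank.example", {"From": "Bank <notice@bank.example>"}),
    ("203.0.113.77", "notice@bank.example", {"From": "Bank <notice@bank.example>"}),
    ("203.0.113.77", "bounce@mailer.example", {"From": '"Bank" <service@bank.example>'}),
    ("203.0.113.77", "info@shop.example",
     {"From": "Shop <info@shop.example>", "Reply-To": "help@secure.bank.example"}),
    ("203.0.113.77", "info@shop.example", {"From": "Shop <info@shop.example>"}),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1], "->", verdict(*sample))
```

The third and fourth samples are the ones an envelope-only SPF check does not see: the envelope sender is an unrelated domain, and the protected domain appears only in a header.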



On 3/25/2015 1:01 AM, Jean-Pierre van Melis wrote:
> Hi Grayhat.
>
> I probably used the wrong terminology....
>
> It's not checked by SPF because it's not coming from a bank....
> It does however reply to a bank.... I don't have the message here, so I would 
> need to check it again....
>
> No-one with good intentions (outside the bank itself) would use a domain of 
> that bank.
> I'm not afraid of false positives.
> I think I could even block ALL mail coming from banks without losing any 
> valuable mail, but I think it could be cleverer than that.
> Banks are not using mail for any important stuff.
> Phishing can do terrible things and we're expected to protect them from it.
>
> Can I send you an attachment with that false mail?
>
> I am talking about a very short list of domains that have to follow very 
> strict rules.
> Maybe something like it has to follow the SPF of that domain even if it's 
> only used as a header.
>
> To be successful with phishing they at least have to mention @abn-amro.nl  
> (the domain of that bank)
>
> Cheers
>
>
>   
> -----Original message-----
>> From: Grayhat <gray...@gmx.net>
>> Sent: Tuesday 24 March 2015 15:46
>> To: assp-test@lists.sourceforge.net
>> Subject: Re: [Assp-test] Prevent certain domains to be used with amiguous 
>> origin (as anti-phishing)
>>
>> :: On Tue, 24 Mar 2015 14:06:29 +0100
>> :: <zarafa.55116155.be48.464ae5f7799bf59d@zarafa-server.mirmana.local>
>> :: Jean-Pierre van Melis <j...@mirmana.com> wrote:
>>
>>> coming from banks that are local in my country. Some of these banks
>>> use SPF-records and I've set all these domains to convert these
>>> SPF-records to strict.
>>>
>>> This isn't enough because these spammers are now using
>>> envelope-addresses and they are not scanned for SPF (well they
>>> shouldn't be)
>> uh... SPF *does* check envelope FROM ! It doesn't check the "mime" part
>> of the message but that's by design; sure, one may decide to implement
>> the SenderID and the so-called PRA mechanism
>>
>> https://tools.ietf.org/html/rfc4407
>>
>> but sincerely I'm not sure it would bring advantages and, for sure it
>> may cause a whole lot of false-positives :P
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website, 
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for 
>> all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net 
>> <http://goparallel.sourceforge.net> /
>> _______________________________________________
>> Assp-test mailing list
>> Assp-test@lists.sourceforge.net <mailto:Assp-test@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>

