Roger B.A. Klorese <[EMAIL PROTECTED]> wrote:
> Julian Mehnle wrote:
> > In which way?  Could you please describe an abstract requirements
> > scenario which cannot be satisfied by SPF?
> 
> Sure.
> 
> I connect my work machine to my home Earthlink network.
> 
> Since the only machine whose port 25 I am allowed to talk to is
> smtp.earthlink.net, I connect to it.
> 
> My client sends to it:
> MAIL FROM:<[EMAIL PROTECTED]>
> RCPT TO:<[EMAIL PROTECTED]>
> 
> smtp.earthlink.net connects to smtp.fardomain.com and says:
> EHLO smtp.earthlink.net
> MAIL FROM:<[EMAIL PROTECTED]>
> 
> ...but it's not SPF'd for workdomain.com, of course.

But it *could* be.  You can set the following SPF record for workdomain.com (if 
Earthlink has their own SPF set up correctly):

  v=spf1 [...] include:earthlink.net -all

or (if Earthlink uses their incoming MXes as outgoing MXes as well):

  v=spf1 [...] mx:earthlink.net -all

or even (otherwise):

  v=spf1 [...] a:smtp.earthlink.net -all

Then you can send via Earthlink, with only minimally loosened SPF protection 
(theoretically, any Earthlink user could forge his mails as coming from 
workdomain.com).  qed.


Yahoo's scheme has the advantage that the owner of workdomain.com doesn't have to open 
his domain to forgery from other domains (like in the example above).  But as soon as 
a user @workdomain.com is forced to send through a 3rd party SMTP relay (like in the 
example above), either the user or that 3rd party would need access to the 
workdomain.com private key to properly sign the sent messages.

So essentially, the difference in this regard between SPF and the Yahoo scheme is that 
with SPF, the 3rd party must be trusted, while with the Yahoo scheme, the 3rd party OR 
the user @workdomain.com must be trusted.  I.e., with SPF, trust cannot be delegated 
to the user.

Did I get anything wrong?



_______________________________________________
courier-users mailing list
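Added example (not part of the original message, and not code from any SPF implementation): a simplified SPF evaluation in Python over constructed DNS data, comparing the three workdomain.com records suggested in the reply above. The IP addresses, the Earthlink record, mx1.earthlink.net and the ip4 term standing in for "[...]" are all assumptions; only the ip4, a, mx, include and all mechanisms are handled.

```python
import ipaddress

# Constructed DNS data on documentation IP ranges; not any domain's real records.
TXT = {"earthlink.net": "v=spf1 ip4:198.51.100.0/24 -all"}
A = {"smtp.earthlink.net": ["198.51.100.25"], "mx1.earthlink.net": ["198.51.100.10"]}
MX = {"earthlink.net": ["mx1.earthlink.net"]}
OWN = "ip4:192.0.2.10"  # constructed stand-in for the elided "[...]" terms
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def matches(mech, arg, ip, domain, txt):
    """True if one SPF mechanism matches the connecting IP (simplified subset)."""
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return str(ip) in A.get(arg or domain, [])
    if mech == "mx":
        return any(str(ip) in A.get(host, []) for host in MX.get(arg or domain, []))
    if mech == "include":  # matches only when the included domain's record passes
        return check_host(ip, arg, txt) == "pass"
    return False  # unsupported mechanisms are skipped in this sketch

def check_host(ip, domain, txt):
    """Return the SPF result for a connecting IP and a MAIL FROM domain."""
    record = txt.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(str(ip))
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if matches(mech.lower(), arg, ip, domain, txt):
            return RESULTS[qualifier]  # first matching term decides
    return "neutral"

def evaluate(work_terms, ip):
    """Evaluate workdomain.com with the given extra terms for a connecting IP."""
    record = f"v=spf1 {OWN} {work_terms} -all"
    return check_host(ip, "workdomain.com", {**TXT, "workdomain.com": record})

if __name__ == "__main__":
    relay, other, outside = "198.51.100.25", "198.51.100.77", "203.0.113.5"
    for terms in ("", "include:earthlink.net", "mx:earthlink.net", "a:smtp.earthlink.net"):
        print(f"{terms or '(none)':24}", [evaluate(terms, ip) for ip in (relay, other, outside)])
```

Every variant that lets the relay pass does so for any MAIL FROM at workdomain.com arriving from that address, because the check sees only the connecting IP and not which Earthlink user submitted the message.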