It appears that Tim Wicinski <[email protected]> said:
>A malicious sender needs two properties to perform such a SPF upgrade
>attack:
>
> 1) a receiver that will forward quarantined messages, and
> do so without changing the bounce address.

Solution: Don't Do That.

>> Finally, I don't think this is particularly unique to SPF. If you replace
>> "finds a SPF policy that covers the forwarding IPs" with something like
>> finds a third party willing to sign the message, I expect I could construct
>> a similar (if not quite as easy) DKIM based scenario.

No, then it has the forwarding party's signature which isn't aligned with the From header.

R's,
John

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
