On 09/07/14 17:35, Stephen Rothwell wrote: > Hi Hamish, > > On Wed, 09 Jul 2014 17:27:08 +1000 Hamish Moffatt <ham...@cloud.net.au> wrote: >> Consider implementing SPF to prevent this. >> http://en.wikipedia.org/wiki/Sender_Policy_Framework >> >> In summary, through the DNS you publish a list of all servers authorised >> to send mail from your domain, and how strict you want recipients to be. >> An SPF-aware receiving host will check the DNS when it receives mail, >> and reject any received from unlisted servers. This prevents your email >> address being forged. > SPF is broken by design (consider forwarding - including mailing > lists). Unfortunately, some of the bigger players are now using it to > make decisions :-(
http://www.openspf.org/FAQ/Forwarding - ie it's not difficult to deal with by changing the envelope sender address at the forwarder/mailing list. Note that that's not the visible From: header. And that doesn't seem too unreasonable to me, else the forwarder is effectively forging my address. What else? > It also doesn't help for those with email addresses in domains that > other people using the same domain post from lots of different places. > (e.g. other members of my family use various ISP's outgoing mail > servers) > Yes, that's true. It might not suit all domains, and users might need to adapt. Any reason why your other family members couldn't use an authorised sender instead though? Email security is pretty poor, can we expect to fix it without the users changing their configurations at all? Hamish _______________________________________________ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link
