Re: [dmarc-ietf] The sad state of SPF: research just presented at NDSS

2024-03-04 Thread Hector Santos
> On Feb 28, 2024, at 6:33 PM, Barry Leiba wrote:
> 
> A paper was presented this morning at NDSS about the state of SPF, which is 
> worth a read by this group:
> 
> https://www.ndss-symposium.org/ndss-paper/breakspf-how-shared-infrastructures-magnify-spf-vulnerabilities-across-the-internet/
> 


Barry, Interesting.  Appreciate the security note.

Per the document, 2.39% of domains are the problem with CDN, HTTP Proxy, SMTP threat 
entry points.  Not an SPF issue.  If anything, add more SMTP command override 
support for immediate disconnect for GET, POST, etc., erroneous SMTP commands:

// Script: Smtpfilter-GET.wcc:

// add code to block GetCallerID()
Print "550 "
HangUp()
End

// Script: Smtpfilter-POST.wcc:

// add code to block GetCallerID()
Print "550 "
HangUp()
End


All the best,
Hector Santos

___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc


Re: [dmarc-ietf] The sad state of SPF: research just presented at NDSS

2024-02-29 Thread John Levine
It appears that Barry Leiba said:
>A paper was presented this morning at NDSS about the state of SPF, which is
>worth a read by this group:
>
>https://www.ndss-symposium.org/ndss-paper/breakspf-how-shared-infrastructures-magnify-spf-vulnerabilities-across-the-internet/

I was particularly interested in all the ways they found to route their
spam, e.g. through CDN web proxies.  And it was impressive that you can embed
the SMTP transaction inside an HTTP message and a lot of MTAs will just ignore
all the HTTP junk and accept the mail.

Postfix recognizes HTTP commands like GET, POST, and CONNECT and disconnects
immediately.

R's,
John
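
The behaviour both messages describe (an MTA that skips HTTP lines and then accepts the mail, versus one that hangs up on GET/POST/CONNECT), as an added example that is not part of either message and is not Postfix or Wildcat! code. The session loop, the reply texts other than the 550 code from Hector's scripts, and the sample sessions are constructed for illustration.

```python
# Added example: toy SMTP command loop, not Postfix or Wildcat! code.
FORBIDDEN = frozenset({"CONNECT", "GET", "POST"})  # verbs named in the thread

def verb(line):
    """First token of a command line, upper-cased ('' for a blank line)."""
    parts = line.split(None, 1)
    return parts[0].upper() if parts else ""

def run_session(lines, forbidden=frozenset()):
    """Return (replies, messages_accepted) for one client connection.

    Envelope ordering is not enforced; only the command filter is modelled.
    """
    replies, accepted, in_data = [], 0, False
    for line in lines:
        if in_data:                      # message content is never a command
            if line == ".":
                in_data, accepted = False, accepted + 1
                replies.append("250 queued")
            continue
        cmd = verb(line)
        if cmd in forbidden:             # HTTP request line: reply and hang up
            replies.append("550 non-SMTP command")
            break
        if cmd in ("HELO", "EHLO", "MAIL", "RCPT"):
            replies.append("250 OK")
        elif cmd == "DATA":
            replies.append("354 end with .")
            in_data = True
        elif cmd == "QUIT":
            replies.append("221 bye")
            break
        else:                            # lenient path: error, keep listening
            replies.append("500 unrecognized command")
    return replies, accepted

# Constructed sessions (example.test names are placeholders).
ENVELOPE = ["MAIL FROM:<a@example.test>", "RCPT TO:<b@example.test>", "DATA"]
HTTP_WRAPPED = (["POST / HTTP/1.1", "Host: mx.example.test", "",
                 "HELO relay.example.test"] + ENVELOPE + ["hello", ".", "QUIT"])
PLAIN = (["EHLO client.example.test"] + ENVELOPE
         + ["POST this tomorrow", ".", "QUIT"])

if __name__ == "__main__":
    for name, s in (("http-wrapped", HTTP_WRAPPED), ("plain", PLAIN)):
        print(name, run_session(s)[1], run_session(s, FORBIDDEN)[1])
```

In Postfix the corresponding setting is the smtpd_forbidden_commands parameter.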
