Also I don't understand why mailing lists /have to/ work this way. I
know it's long-time established standard just like e-mails, but flawed
and people are abusing it, because it's extremely easy to do that.
Mailing list daemon doesn't have to pretend that e-mail was sent by me
or someone else, it could as well send it from its own address
firstname.lastname@example.org and write somewhere else that the mail was
sent by me to this list - in fact it could even hide the email or
somehow obfuscate it and keep just my real name, so that people wouldn't
be able to send spam in there.
I know that this would break existing standards (which are flawed by
design TBH), but why not at least make this as an optional feature? SA
could at least add some sort of a warning to mail so that it's obvious
that message send by email@example.com was not in fact sent from their server and
there is a chance that it's a spoofed message.
Whitelists could exist as well for known mailing lists.
How does DKIM prevent others from spoofing your mail address? People
will still receive unsigned e-mails that look like they were sent by you
even if they were not.
P.S. this is extremely easy to implement from programmer point of view,
all you need to do is take existing SPF plugin and just have it verify
SPF against e-mail that is in From header. It's probably a change of few
lines of code for someone who knows perl better than me. And such plugin
could be just optional and extremely useful for people who actually care
On 10/14/16 22:26, Bowie Bailey wrote:
> On 10/14/2016 3:43 PM, Kris Deugau wrote:
>> Petr Bena wrote:
>>> Is there any way to get spam assassin to actually figure out that
>>> is spoofed even if it's obviously easy to figure out?
>> Consider the case of, oh, say, this message. Or virtually every other
>> interactive mailing list on the Internet.
>> Were you to do an SPF check on the From:, you would see it softfail,
>> because so far as your incoming server is concerned, it does not
>> originate from the allowed 22.214.171.124/26 IP block that matches the SPF
>> record for vianet.ca, it originates from the list server.
>> There are many more similar cases where the From: has no technical
>> relation, just a real-world business relation, to the envelope sender
> On the other hand, SA is a points-based system. If you checked SPF
> based on the From header, you could then whitelist known list servers
> and other exceptions and add a point or so to the rest. If you set
> the score at 0.001 and monitored the non-spam hits for a while, you
> could probably come up with a pretty good list of exceptions before
> upping the score. (Of course this assumes you are in a position where
> you can legally look at the messages passing through your system.)
> It could be helpful, or there could be too many exceptions to be
> useful. I'd say it's worth a try to see what happens.