It's off topic for this list and I won't post again, but there are mechanisms in SPF for your scenario.

Lyle

----- Original Message -----
From: <suse@rio.vg>
To: <suse-security@suse.com>
Sent: Friday, June 04, 2004 9:49 AM
Subject: Re: [suse-security] Fwd: Undelivered Mail Returned to Sender

Quoting Markus Gaugusch <markus@gaugusch.at>:
To prevent spoofing, you can enable SPF for your domain (SuSE should do so as well, and also everybody else who reads this). See http://spf.pobox.com for more information.
Basically, SPF means that you insert a TXT record into your DNS zone that specifies which IP-addresses and MX servers are allowed to send mail with a FROM that contains your domain name.
SPF breaks forwarding. My domains used to publish SPF info until my customers started complaining. If anyone from your domain sends mail to someone who uses a forwarding service (very common in virtual domain setups), your mail will be dropped.
For instance, let's say I own foo.com, and have it hosted at a hosting company, having any mail sent to it forwarded to my local ISP mail account. A fairly typical setup for a domain owner of a small set. If my local ISP uses SPF, I will no longer receive mail sent to foo.com.
My friend Bob sends the mail to foo.com, which then sends it to me. The SPF for Bob's domain doesn't list foo.com. My mail gets dropped.
SPF is SERIOUSLY flawed. Security is about getting the legitimate through while blocking the bad. SPF fails on this account.