Mailinglist Archive: opensuse-security (297 mails)

< Previous Next >
Re: [suse-security] Email Spoofing
  • From: Markus Gaugusch <markus@xxxxxxxxxxx>
  • Date: Thu, 22 Jul 2004 00:01:34 +0200 (CEST)
  • Message-id: <Pine.LNX.4.60.0407212348440.21323@xxxxxxxxxxxxxxxxxx>
On Jul 21, Dirk Schreiner <dirk.schreiner@xxxxxxx> wrote:

Markus Gaugusch schrieb:

Yes, it breaks forwarding. But facing the amount of spam, the number of mails that bounce because of incorrect (old-style) forwarding should be neglegible.
incorrect (old-style)?
Could you please post the RFC with the "new-style".

SPF suggests remailing instead of forwarding. I'm pretty sure that this does not bother any RFC. The old method may not be incorrect, but it is just incompatible with SPF. Sorry for the wrong wording.

Your suggestion with signatures are also nice, but I think that 1 million administrators are easier to convince to perform infrastructure upgrades, than billions of (mostly stupid) users. I don't think that SPF is so bad, and I haven't heard of any other problems than forwarding. Digital signatures, though, are something that probably not even everyone on suse-security has tried. And I don't want to see the next MS Outlook version with integrated signatures that will break like everything else they make. Infrastructure security should be done by administrators, not by end users. Although there are still too many stupid admins out there :(

And yes, I know, that the forwarding problem doesn't hit me, but the innocent receiver who forwards mail from my account to his SPF-protected domain via a non-SPF aware host in the middle. But if that case happens, I could either send mails to him directly, or try to convince the "middle" host owner to do something against the sky-raising amounts of spam and do remailing instead of forwarding.

Going sleeping.

BTW: if anybody is not amused about that long signature.
I cannot go around this because company GW is doing that.
And using my host`s SMTP-Server is not possible due to
people checking Reverse-Lookup and doing SPF. :-/

You could at least use sigdashes ("-- ", the trailing blank is important!) to make users of good mail clients not-so-annoyed :)

__________________ /"\
Markus Gaugusch \ / ASCII Ribbon Campaign
markus(at) X Against HTML Mail
/ \

< Previous Next >