Mailing List Archive: SPF: Help

SPF policy for rawbits.com

Index | Next | Previous | View Threaded

bwalton at rawbits

Jul 29, 2008, 7:53 AM

Post #1 of 5 (597 views)
Permalink

SPF policy for rawbits.com

I receive email with headers like these often:

>Return-Path: <bwalton[at]kpmg.com>
>Received: from exprod8mx263.postini.com [64.18.3.55] by
>ms44.ihwy.com with SMTP;
> Tue, 29 Jul 2008 00:38:56 -0700
>Received: from source ([89.235.141.69]) by exprod8mx263.postini.com
>([64.18.7.10]) with SMTP;
> Tue, 29 Jul 2008 00:38:55 PDT
>Content-Return: allowed
>X-Mailer: CME-V6.5.4.3; MSN
>Message-Id: <20080729143753.8765.qmail[at]w11>
>To: <bwalton[at]rawbits.com>
>Subject: Anjelina Jolie XXX Video Free.
>From: <bwalton[at]rawbits.com>
>MIME-Version: 1.0
>Content-Type: text/html; charset="UTF-8"
>Content-Transfer-Encoding: 7bit
>X-SmarterMail-Spam: Bayesian Filtering, SPF_None, ORDB

Question: If Postini is checking SPF, shouldn't they block these
messages as forgeries?

--
Bill Walton bwalton[at]rawbits.com (831)338-0479 home
PO Box 850 (408)721-4346 bus
Boulder Creek, CA 95006-0850 (831)345-7135 cell

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

steve at teamITS

Jul 29, 2008, 8:11 AM

Post #2 of 5 (559 views)
Permalink

RE: SPF policy for rawbits.com [In reply to]

Bill Walton wrote on 7/29/2008 9:53:11 AM:

> I receive email with headers like these often:
>
>> Return-Path: <bwalton[at]kpmg.com>

> Question: If Postini is checking SPF, shouldn't they block these
> messages as forgeries?

Kpmg.com doesn't have an SPF record.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Out of my way! I smell chocolate!

~ Taglines by Taglinator - www.srtware.com ~

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

bwalton at rawbits

Jul 30, 2008, 5:59 AM

Post #3 of 5 (549 views)
Permalink

RE: SPF policy for rawbits.com [In reply to]

At 08:11 AM 7/29/2008, you wrote:
> > I receive email with headers like these often:
> >
> >> Return-Path: <bwalton[at]kpmg.com>
>
> > Question: If Postini is checking SPF, shouldn't they block these
> > messages as forgeries?
>
> Kpmg.com doesn't have an SPF record.

OK - so it's the Return-Path that's checked, not the From, even
though all three mail clients I use show the message as coming from
bwalton[at]rawbits.com?

--
Bill Walton bwalton[at]rawbits.com (831)338-0479 home
PO Box 850 (408)721-4346 bus
Boulder Creek, CA 95006-0850 (831)345-7135 cell

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

steve at teamITS

Jul 30, 2008, 7:05 AM

Post #4 of 5 (549 views)
Permalink

RE: SPF policy for rawbits.com [In reply to]

> OK - so it's the Return-Path that's checked, not the From

Yes.

http://www.openspf.org/FAQ/Envelope_from_scope

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Sci-Fi Survival Tip: Kids love dinosaurs; unfortunately dinosaurs
love kids too.

~ Taglines by Taglinator - www.srtware.com ~

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

hmdmhdfmhdjmzdtjmzdtzktdkztdjz at gmail

Jul 30, 2008, 8:37 AM

Post #5 of 5 (548 views)
Permalink

Re: SPF policy for rawbits.com [In reply to]

Bill Walton wrote:

> OK - so it's the Return-Path that's checked, not the From

Yep.

The return-path is the critical piece wrt auto-responders
(vacation mail, bounces, etc.). It is where "backscatter"
is sent to.

> all three mail clients I use show the message as coming
> from bwalton[at]rawbits.com

A (slightly) different problem, it is related to phishing,
if spammers have reasons to abuse your address in phishes.

SPF is not designed to help with phishing, for that you'd
check out "DKIM ADSP" and/or "SenderID PRA". The latter
is also known as "spf2.0/pra". Folks here agree that PRA
doesn't really work as expected. Your mail client might
still show what it shows today, even if the phisher used
another address as Resent-From to get a PRA PASS of their
choice.

No silver bullets, sorry. Limited to backscatter issues
v=spf1 (PASS or FAIL) does help.

Frank

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com