Mailing List Archive: SPF: Help

Use of exists mechansim in SPF

Index | Next | Previous | View Threaded

murthy+spf at teamon

Jul 19, 2004, 2:55 PM

Post #1 of 2 (821 views)
Permalink

Use of exists mechansim in SPF

Hi,

Isn't an MTA prone to forgery if they use 'exists' mechanism?

For example, say 'foo.com' domain implments 'exists' mechanism with an SPF record 'v=spf1 exists:foo.com -all' Can't an email forger send from any arbitrary IP address and say MAIL From: ceo [at] foo ?

Essentially, how is the MTA itself validated when 'exists' is used?

I must be missing something here.. what is it?

thanks a lot,

Murthy Gorty.

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help [at] v2

nobody at xyzzy

Jul 19, 2004, 9:23 PM

Post #2 of 2 (773 views)
Permalink

Re: Use of exists mechansim in SPF [In reply to]

Murthy Gorty wrote:

> 'foo.com' domain implments 'exists' mechanism with an SPF
> record 'v=spf1 exists:foo.com -all' Can't an email forger
> send from any arbitrary IP address and say MAIL From:
> ceo [at] foo ?

Yes. The 'exists' mechanism makes more sense with macros.
e.g. "-exists:%{ir}.bl.spamcop.net" would be "IP not listed
by spamcop.net". Still dubious, but there are also some
white lists organized in this way (bondedsender etc.)

You could also create a list of all users, and macros could
then check the existence of the local parts. Bye, Frank

-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help [at] v2

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads