[LINK] Question re spoofing with bad reply address

Stephen Rothwell sfr at rothwell.id.au
Wed Jul 9 17:35:37 AEST 2014


Hi Hamish,

On Wed, 09 Jul 2014 17:27:08 +1000 Hamish Moffatt <hamish at cloud.net.au> wrote:
>
> Consider implementing SPF to prevent this. 
> http://en.wikipedia.org/wiki/Sender_Policy_Framework
> 
> In summary, through the DNS you publish a list of all servers authorised 
> to send mail from your domain, and how strict you want recipients to be. 
> An SPF-aware receiving host will check the DNS when it receives mail, 
> and reject any received from unlisted servers. This prevents your email 
> address being forged.

SPF is broken by design (consider forwarding - including mailing
lists).  Unfortunately, some of the bigger players are now using it to
make decisions :-(

It also doesn't help for those with email addresses in domains that
other people using the same domain post from lots of different places.
(e.g. other members of my family use various ISPs' outgoing mail
servers)

-- 
Cheers,
Stephen Rothwell