You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by ha...@t-online.de on 2006/07/24 20:24:33 UTC
Re: SPF breaks email forwarding
Domainkeys does less harm to forwarded messages than spf - a forwarder just has to put
a Sender: header there, rother than implement srs
Wolfgang Hamann
>>
>> Michael Scheidell wrote:
>> >> -----Original Message-----
>> >> From: Graham Murray [mailto:graham@gmurray.org.uk]
>> >> Sent: Monday, July 24, 2006 7:44 AM
>> >> To: users@spamassassin.apache.org
>> >> Subject: Re: New DNS Black list, White List, Yellow List
>> >>
>> >>
>> >> Ramprasad <ra...@netcore.co.in> writes:
>> >>
>> >>
>> >>> A lot of banks/legitimate bulk email senders change their relay
>> >>> server. Many reasons for that. The most common is that they use a
>> >>> third party to relay their mails and these would keep changing
>> >>>
>> >> Especially for banks and other high risk phishing targets, it
>> >> would be much better if they did not do this. If all banks
>> >> etc sent mail from a server whose IP address whose rDNS is
>> >> xxx.bank.com and where xxx.bank.com resolves to the IP
>> >> address from which the mail is sent, then it would
>> >> considerably easier to detecting phishing and greatly improve
>> >> the security for their customers.
>> >>
>> >
>> > Even if the banks used spf hardfail, it would at least stop phishing to
>> > ISP's ans servers that knew about SPF.
>> >
>> > (you could bump SPF_HARDFAIL score to 15, or use spf to block offending
>> > connection right in postfix!)
>> >
>>
>> Except = SPF breaks email forwarding. It requires that the world change
>> how email is forwarded and that's not going to happen. Thus if a bank
>> has a hard fail and someone with an account on my server gets email from
>> an account that is forwarded then my server sees the email as coming
>> from an illegitimate source.
>>
>>