TMDA Re: [Gllug] New worm doing the rounds?
Alistair Mann
alistair at lgeezer.net
Tue Feb 17 18:54:18 UTC 2004
Thus spaketh Bruce Richardson on Tuesday 17 February 2004 3:48 pm:

> On Tue, Feb 17, 2004 at 12:25:18PM +0000, Alistair wrote:
> > I'm less optimistic about SPF. A greater problem than low value for early
> > adopters will be low value for all once widely adopted, as it is trivial
> > to circumvent: just make the envelope sender sufficiently accurate.
>
> No. SPF can quite validly be used to validate From and Sender headers
> as well as the envelope sender.

SPF would tend to reduce the utility of email address portability. It is
useful for me when onsite to send email from my own work's email address. It
is useful for sales managers -- bless their cotton socks -- to send from just
one email address whether they be in the office, under a hotpoint or in a
hotel in Sydney, AU. It is useful for the less computerate (ie, PHBs) to be
able to send email from their work address from their dialup connection at
home. SPF reduces the ability to do the above.

A wildcard would solve these problems, yet this 'cure' could be worse than the
problem: a wildcard is useless to you for the reasons you have given
elsewhere. It is useless to me as it offers nothing extra in return for
another point of failure. It is use/ful/ to the spammer as users may
erroneously believe that SPF has improved the odds that the email in front of
them is legitimate.

SPF doesn't identify the sender to any greater level than date/time and IP
address already do: dup-1-2-3-4.demon.net could still forge his sender
address as dup-5-6-7-8.demon.net, so it is of no additional use in
determining compromised machines.

It is undoubtedly thinking along the right lines, yet the economics are bad:
admins and users face a permanent increase in operating costs for a one-off
increase in the fixed costs of spammers.

> In fact, it's often more useful to
> validate the headers than the envelope because some mail clients bollix
> the envelope sender.

Yup.
- --
Alistair
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
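
Added example, not part of the original message: a minimal SPF evaluator (only the `ip4` and `all` mechanisms) showing the trade-off argued above, where a strict record rejects a roaming employee and a "wildcard" record accepts every host, forger included. It assumes the wildcard corresponds to a `+all` term; the records, labels and addresses are constructed from documentation ranges.

```python
import ipaddress

# Qualifier prefix -> SPF result (result names as in RFC 7208)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate an SPF record limited to ip4: and all, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                    # matches every client
            return QUALIFIERS[qualifier]
        if name == "ip4":
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"               # mechanism outside this sketch
    return "neutral"                         # nothing matched, no "all" term

# Constructed sample records for a hypothetical work domain.
RECORDS = {
    "strict": "v=spf1 ip4:192.0.2.0/24 -all",    # office relays only
    "wildcard": "v=spf1 ip4:192.0.2.0/24 +all",  # assumed wildcard form
}

# Constructed connecting hosts (documentation address ranges).
SENDERS = {
    "office relay": "192.0.2.25",
    "roaming employee on home dialup": "198.51.100.77",
    "unrelated host forging the domain": "203.0.113.9",
}

def compare(records=RECORDS, senders=SENDERS):
    """Return {sender label: {record name: SPF result}}."""
    return {label: {name: check_spf(rec, ip) for name, rec in records.items()}
            for label, ip in senders.items()}

if __name__ == "__main__":
    for label, results in compare().items():
        print(f"{label:36} strict={results['strict']:5} "
              f"wildcard={results['wildcard']}")
```

Under the strict record the roaming employee and the forger get the same `fail`; under the wildcard record both get the same `pass`, so neither record distinguishes the two.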