Re: ISP phishing

[Niels Bakker <niels=nanog () bakker net>]

* dot () dotat at (Tony Finch) [Wed 29 Jun 2005, 15:28 CEST]:
> On Wed, 29 Jun 2005, Peter Corlett wrote:
> > Tony Finch <dot () dotat at> wrote:
> > [...]
> > > Actually, what you have to guarantee is that you never send email to 
> > > anyone who forwards their email elsewhere. This is impossible.
> > How do you figure that?
> >
> > The failure mode in this case is if somebody arranges "dumb" mail 
> > forwarding that doesn't do envelope rewriting, and also applies a SPF 
> > filter on their incoming mail. The problem is quite clearly of the 
> > recipient's making rather than any fault of the sender's.
> Most forwarding services do nothing but change the envelope recipient 
> address, and this has been standard practice for many many years. Sites 
> that do SPF checking on incoming email must take this into account if 
> their users forward email from elsewhere. However most sites do not do so, 
> partly because the SPF documentation doesn't make it clear that they must, 
> and partly because it's basically impossible - for every user that 
> forwards email to your site you must whitelist the IP addresses of the 
> forwarding mail servers, and you can't find out what those IP addresses 
> are or when they change.

How do I configure my router for that?


        -- Niels.

--
                             The idle mind is the devil's playground