[DShield] SPF is fundamentally flawed

Tony Earnshaw tonye at billy.demon.nl
Thu Feb 19 16:00:39 GMT 2004


On Thu, 19.02.2004 at 14.55, Bruce Lilly wrote:

> > From: "Erik van Straten" <emvs.dsh.3FB4CC72 at cpo.tn.tudelft.nl>
> > Date: Wed, 18 Feb 2004 15:53:24 +0100

> SPF may indeed be flawed, but your complaint seems to boil down to the fact
> that you are receiving non-delivery notices for messages sent to non-existent
> addresses, giving a forged sender address.  That is due to poor design of
> some MTAs, and/or use of intermediate SMTP relays, which has nothing to do
> with SPF.  Nor is it a problem that SPF purports to address.

[...]

>  Some poorly designed MTAs
> instead issue a positive (2yz) response even for bad recipient addresses,
> allow the client to send DATA that cannot be delivered, and then bounce
> that DATA (the message) to the specified (i.e. forged) envelope sender
> address.  This has nothing whatsoever to do with SPF.  The real problem
> is the MTA design failure to give a 5yz response to RCPT TO which
> specifies a non-existent recipient.

[...]

> With a tiny bit of effort you can see what's broken.  You can complain
> to the appropriate parties about the appropriate issues.

AFAIR, Erik is using Postfix (Postfix 2.0.18 being my own chosen MTA at
the moment). Postfix, donated to the Open Source community by IBM, is
designed and mainly implemented by Wietse Venema, of IBM.

Is Postfix a poorly designed MTA?

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
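
Added example, not part of the original message and not code from Postfix or any other MTA: a toy Python model of the two behaviours contrasted in the quoted text above, rejecting an unknown recipient at RCPT TO with a 5yz reply versus accepting it and later bouncing to the forged envelope sender. The `Mta` class, the addresses and the reply texts are constructed for illustration.

```python
# Constructed sample data: the only mailbox this hypothetical MTA hosts.
VALID_RECIPIENTS = {"alice@example.org"}


class Mta:
    """Toy SMTP receiver modelling only MAIL FROM / RCPT TO / DATA."""

    def __init__(self, validate_at_rcpt):
        self.validate_at_rcpt = validate_at_rcpt
        self.bounces = []      # (bounce_recipient, failed_address) pairs
        self.sender = None
        self.accepted = []

    def mail_from(self, sender):
        # The envelope sender is whatever the client claims; it may be forged.
        self.sender, self.accepted = sender, []
        return "250 2.1.0 Ok"

    def rcpt_to(self, rcpt):
        if self.validate_at_rcpt and rcpt not in VALID_RECIPIENTS:
            # 5yz reply: the connecting client stays responsible for the message.
            return "550 5.1.1 <%s>: Recipient address rejected" % rcpt
        self.accepted.append(rcpt)
        return "250 2.1.5 Ok"

    def data(self, body):
        if not self.accepted:
            return "554 5.5.1 Error: no valid recipients"
        for rcpt in self.accepted:
            if rcpt not in VALID_RECIPIENTS:
                # Accepted first, failed later: the non-delivery notice goes
                # to the envelope sender, who never sent the message.
                self.bounces.append((self.sender, rcpt))
        return "250 2.0.0 Ok: queued"


def run_session(validate_at_rcpt):
    """Replay one constructed session: forged sender, non-existent recipient."""
    mta = Mta(validate_at_rcpt)
    replies = [
        mta.mail_from("victim@forged.example"),
        mta.rcpt_to("nosuchuser@example.org"),
        mta.data("Subject: test\r\n\r\nbody"),
    ]
    return replies, mta.bounces


if __name__ == "__main__":
    for policy in (False, True):
        print("validate_at_rcpt=%s" % policy, *run_session(policy))
```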



