77 messages in net.sourceforge.lists.courier-users[courier-users] RE: freemail list and...
FromSent OnAttachments
Mitch (WebCob)Jan 5, 2004 11:31 am 
Jeff PotterJan 5, 2004 12:58 pm 
Mitch (WebCob)Jan 5, 2004 1:26 pm 
Gerardo GregoryJan 5, 2004 1:34 pm 
Sam VarshavchikJan 5, 2004 1:56 pm 
Andrew NewtonJan 5, 2004 3:02 pm 
Sam VarshavchikJan 5, 2004 3:23 pm 
Mitch (WebCob)Jan 5, 2004 3:38 pm 
Andrew NewtonJan 5, 2004 5:49 pm 
Sam VarshavchikJan 5, 2004 5:57 pm 
Andrew NewtonJan 5, 2004 7:06 pm 
Mitch (WebCob)Jan 5, 2004 8:19 pm 
Gordon MessmerJan 5, 2004 11:58 pm 
Sam VarshavchikJan 6, 2004 4:10 am 
Sam VarshavchikJan 6, 2004 4:11 am 
Sam VarshavchikJan 6, 2004 4:12 am 
Gordon MessmerJan 6, 2004 10:20 am 
Mitch (WebCob)Jan 6, 2004 10:50 am 
Malcolm WeirJan 6, 2004 2:10 pm 
Julian MehnleJan 6, 2004 3:07 pm 
Phillip HutchingsJan 6, 2004 3:28 pm 
Sam VarshavchikJan 6, 2004 3:44 pm 
Sam VarshavchikJan 6, 2004 3:46 pm 
Mitch (WebCob)Jan 6, 2004 3:56 pm 
Julian MehnleJan 6, 2004 4:17 pm 
Sam VarshavchikJan 6, 2004 4:31 pm 
Julian MehnleJan 6, 2004 4:45 pm 
Roger B.A. KloreseJan 6, 2004 5:17 pm 
Roger B.A. KloreseJan 6, 2004 5:20 pm 
Julian MehnleJan 6, 2004 5:33 pm 
Roger B.A. KloreseJan 6, 2004 5:51 pm 
Julian MehnleJan 6, 2004 6:12 pm 
Malcolm WeirJan 6, 2004 6:17 pm 
Roger B.A. KloreseJan 6, 2004 6:22 pm 
Sam VarshavchikJan 6, 2004 6:34 pm 
Sam VarshavchikJan 6, 2004 6:47 pm 
Julian MehnleJan 6, 2004 7:10 pm 
Julian MehnleJan 6, 2004 7:42 pm 
Julian MehnleJan 6, 2004 7:53 pm 
Roger B.A. KloreseJan 6, 2004 7:54 pm 
Roger B.A. KloreseJan 6, 2004 7:56 pm 
Roger B.A. KloreseJan 6, 2004 8:13 pm 
Sam VarshavchikJan 6, 2004 8:16 pm 
Sam VarshavchikJan 6, 2004 8:19 pm 
Sam VarshavchikJan 6, 2004 8:22 pm 
Roger B.A. KloreseJan 6, 2004 8:22 pm 
Roger B.A. KloreseJan 6, 2004 8:29 pm 
Mitch (WebCob)Jan 6, 2004 11:19 pm 
RolandJan 7, 2004 3:56 am 
Sam VarshavchikJan 7, 2004 4:14 am 
Julian MehnleJan 7, 2004 10:47 am 
Julian MehnleJan 7, 2004 10:59 am 
Roger B.A. KloreseJan 7, 2004 11:37 am 
Malcolm WeirJan 7, 2004 12:18 pm 
Julian MehnleJan 7, 2004 1:09 pm 
Julian MehnleJan 7, 2004 1:40 pm 
Gordon MessmerJan 7, 2004 3:08 pm 
Malcolm WeirJan 7, 2004 3:14 pm 
Sam VarshavchikJan 7, 2004 3:32 pm 
Mitch (WebCob)Jan 7, 2004 3:46 pm 
Sam VarshavchikJan 7, 2004 3:50 pm 
Julian MehnleJan 7, 2004 3:52 pm 
Bill MichellJan 7, 2004 3:54 pm 
Mitch (WebCob)Jan 7, 2004 3:56 pm 
Julian MehnleJan 7, 2004 4:03 pm 
Julian MehnleJan 7, 2004 4:06 pm 
Roger B.A. KloreseJan 7, 2004 4:12 pm 
Phillip HutchingsJan 7, 2004 4:16 pm 
Mitch (WebCob)Jan 7, 2004 4:27 pm 
Julian MehnleJan 7, 2004 4:29 pm 
Mitch (WebCob)Jan 7, 2004 4:32 pm 
Julian MehnleJan 7, 2004 4:33 pm 
Gordon MessmerJan 7, 2004 4:58 pm 
Malcolm WeirJan 7, 2004 5:07 pm 
Julian MehnleJan 7, 2004 5:27 pm 
Phillip HutchingsJan 7, 2004 6:33 pm 
Gordon MessmerJan 7, 2004 7:00 pm 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:[courier-users] RE: freemail list and questions about yahoo...Actions...
From:Julian Mehnle (lis@mehnle.net)
Date:Jan 6, 2004 6:12:38 pm
List:net.sourceforge.lists.courier-users

Roger B.A. Klorese <rog@queernet.org> wrote:

Julian Mehnle wrote:

In which way? Could you please describe an abstract requirements scenario which cannot be satisfied by SPF?

Sure.

I connect my work machine to my home Earthlink network.

Since the only machine whose port 25 I am alowed to talk to is smtp.earthlink.net, I connect to it.

My client sends to it: MAIL FROM:<rog@workdomain.com> RCPT TO:<joeb@fardomain.com>

smtp.earlink.net connects to smtp.fardomain.com and says: EHLO smtp.earthlink.net MAIL FROM:<rog@workdomain.com>

...but it's not SPF'd for workdomain.com, of course.

But it *could* be. You can set the following SPF record for workdomain.com (if
Earthlink has their own SPF set up correctly):

v=spf1 [...] include:earthlink.net -all

or (if Earthlink uses their incoming MXes as outgoing MXes as well):

v=spf1 [...] mx:earthlink.net -all

or even (otherwise):

v=spf1 [...] a:smtp.earthlink.net -all

Then you can send via Earthlink, with only minimally loosened SPF protection
(theoretically, any Earthlink user could forge his mails as coming from
workdomain.com). qed.

Yahoo's scheme has the advantage that the owner of workdomain.com doesn't have
to open his domain to forgery from other domains (like in the example above).
But as soon as a user @workdomain.com is forced to send through a 3rd party SMTP
relay (like in the example above), either the user or that 3rd party would need
access to the workdomain.com private key to properly sign the sent messages.

So essentially, the difference in this regard between SPF and the Yahoo scheme
is that with SPF, the 3rd party must be trusted, while with the Yahoo scheme,
the 3rd party OR the user @workdomain.com must be trusted. I.e., with SPF,
trust cannot be delegated to the user.

Did I get anything wrong?