On 11.02.2024 at 18:40, Sebastian Nielsen via mailop <mailop@mailop.org> wrote:

>> because SPF is too easy to forge.)

> Wrong. When a shared space is used, it's up to that particular space to enforce
> so customers cannot use other customers' email addresses.
>
> In the same way you cannot, and should not be able to use
> someu...@hotmail.com when logged in as anotheru...@hotmail.com, in the same way,
> Office365, Gmail, AmazonSES etc, should enforce so a customer logged into their
> SMTP relay with someth...@customer1.com cannot use someth...@customer2.com as
> sender address.
>
> It's a matter of a simple configuration.

In an ideal world this would be true, but in reality it's not only a "matter of 
a simple configuration".
For example the paper "Weak Links in Authentication Chains" 
https://www.usenix.org/system/files/sec21-shen-kaiwen.pdf or the recent SMTP 
smuggling attack showed different ways how to use an Office365 account to send 
messages from foreign domains that are perfectly authenticated but completely 
fake.

Some of those problems can be and have been fixed, but huge and complex 
collaboration platforms offer a large enough surface to contain more than one 
loophole.

> So you simply choose a provider who you trust enforces that as a domain owner.
> That's why SPF exists.

Well, if I as a receiver would trust email service providers to properly verify 
all outgoing messages of their users before accepting them for delivery, then I 
could skip SPF checks for their networks altogether, as no spoofed email could 
originate from there. Unfortunately this does resemble the reality.

—
BR Oliver
________________________________
dmTECH GmbH
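
The sender restriction discussed in this thread (an account at customer1.com must not send as customer2.com), sketched as an added example that is not part of the original message or any provider's code. The tenant table and function names are hypothetical; the check covers the envelope sender and the header From separately, because SPF only evaluates the envelope identity.

```python
from email import message_from_string, policy

# Hypothetical, constructed tenant table: authenticated account -> verified domains.
TENANT_DOMAINS = {
    "relay-user@customer1.com": {"customer1.com"},
    "relay-user@customer2.com": {"customer2.com"},
}

def domain_of(addr):
    """Return the lower-cased domain of an addr-spec, or None if it has none."""
    local, sep, domain = addr.strip().strip("<>").rpartition("@")
    return domain.lower() if sep and local and domain else None

def check_submission(auth_user, mail_from, raw_message):
    """Return (accepted, reason) for one authenticated SMTP submission."""
    allowed = TENANT_DOMAINS.get(auth_user)
    if allowed is None:
        return False, "unknown account"
    # Envelope sender: the identity a receiver's SPF check evaluates.
    # An empty MAIL FROM ("<>") has no domain and is rejected here as well.
    if domain_of(mail_from) not in allowed:
        return False, "envelope sender outside tenant domains"
    msg = message_from_string(raw_message, policy=policy.default)
    from_headers = msg.get_all("From", [])
    # Require exactly one From header so that two parsers cannot pick
    # different authors from the same message.
    if len(from_headers) != 1:
        return False, "expected exactly one From header"
    header = from_headers[0]
    if header.defects or not header.addresses:
        return False, "unparseable From header"
    # Every author address must belong to the authenticated tenant.
    for address in header.addresses:
        if address.domain.lower() not in allowed:
            return False, "header From outside tenant domains"
    return True, "ok"
```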