On Mon, 11 Dec 2006, John Rudd wrote:

> > Think "open relay". The ISP mailserver should only be accepting mail
> > *from* their domain or *to* their domain. Mail from and to domains
> > they don't own should be blocked.
>
> I think you're mis-stating this.
>
> 1) Being an open relay isn't about accepting mail, it's about routing mail.
>
> 2) They should only route mail to outside recipients if:
>    a) it comes from their own IP address space
>    b) it comes from an authenticated session
>
> I think you're mis-stating 2a. The traditional requirement is as I
> stated it: the mail must come from the ISP's address space, not from a
> sender in their mail domain. This works fine: my IP address is assigned
> to me by them, therefore I am within their routing domain, therefore
> they are not an open relay for routing my messages out to the world,
> even though the sender's email address is @mydomain.com instead of
> @myisp.net.
>
> But, even if you change 2a to be mail domain based instead of IP address
> based, then that still leaves 2b. I can use a sender address of
> "[EMAIL PROTECTED]", but authenticate with SMTP-AUTH to my ISP as
> "[EMAIL PROTECTED]" (there is no requirement that SMTP-AUTH match the
> sender address; nor should there be). I then satisfy 2b, and my email
> passes through their servers without a problem.

I hope only corporate MTAs are using 2a. I don't like the idea that (for
example) all Comcast Home users will be able to send forged mail via the
Comcast MTAs...

And 2b still doesn't help if the spambot uses the locally-stored
authentication information.

But I only brought this up as an additional issue. If the ISP is doing
either 2a or 2b then all you need to worry about is including the ISP's
SPF information in the SPF record for your domain.

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The fetters imposed on liberty at home have ever been forged out of
  the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.               -- James Madison, 1799
-----------------------------------------------------------------------
 4 days until Bill of Rights day
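
The relay rule (2a/2b) and the SPF include discussed in this thread, as an added example that is not part of either poster's message. The domains, address ranges and SPF records are constructed, and the SPF evaluator is a simplified subset (only `ip4`, `include` and `all`; the depth cap stands in for the real lookup limit).

```python
import ipaddress

# Constructed sample data: documentation address ranges, example domains.
ISP_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # ISP customer address space
LOCAL_DOMAINS = {"myisp.example"}                      # domains the ISP hosts
SPF = {                                                # constructed TXT records
    "myisp.example": "v=spf1 ip4:192.0.2.25 -all",     # ISP outbound MTA
    "mydomain.example": "v=spf1 include:myisp.example -all",
    "noinclude.example": "v=spf1 ip4:203.0.113.5 -all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def may_relay(client_ip, authenticated, rcpt_domain):
    """Relay decision per 2a/2b; the envelope sender is never consulted."""
    if rcpt_domain in LOCAL_DOMAINS:
        return True  # final delivery to a hosted domain, not relaying
    ip = ipaddress.ip_address(client_ip)
    in_isp_space = any(ip in net for net in ISP_NETS)   # 2a
    return in_isp_space or authenticated                # 2b


def spf_check(domain, sending_ip, depth=0):
    """Evaluate the sender domain's SPF record against the relaying MTA's IP."""
    record = SPF.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    if depth > 10:
        return "permerror"
    ip = ipaddress.ip_address(sending_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            # include matches only when the included record yields "pass"
            matched = spf_check(mech[8:], sending_ip, depth + 1) == "pass"
        elif mech == "all":
            matched = True
        else:
            continue  # mechanism outside this sketch's subset
        if matched:
            return RESULT[qualifier]
    return "neutral"
```

A message relayed by the ISP's MTA passes SPF for `mydomain.example` only because that record includes the ISP's; the same relay path fails for `noinclude.example`.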