
SPF question

Status
Not open for further replies.

kumar2222

IS-IT--Management
May 30, 2008
7
CA
The SPF site is down for the moment. However, if memory serves, SPF verifies the Reply-To address, not the From address.

What happens if there is no Reply-To address explicitly stated? Does it verify the From address?

I am just wondering because I am getting a spoof claiming to be from scotiabank.com. However, there is no Reply-To in the header. My SPF filter just lets it through.

Thanks

Kumar
Virtech Computer Consulting and Networking
 

SPF uses the header From: field. It's not an optional field and is appended by the MTA, not the MUA.
 
Like I said, openspf.org is down. Not sure where else I can get a copy of the official protocol.

However according to "SPF only checks the hidden part of an email message known as the "Return-Path" (or "821 header"). According to Hutzler, SPF completely ignores the From address (or "822 header,") which is used by phishers to "social engineer" or dupe naïve recipients."


This was my initial confusion. However, you are right, it seems to be validating "From". At least when "Return-Path" is not specified. Not sure what happens if a different "Return-Path" is specified.

However, my problem was something else and has been fixed. I did not handle soft fail properly.

By the way, this is regarding an MTA (Exim4 to be precise).

Kumar
Virtech Computer Consulting and Networking
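
Added example, not part of the thread and not Exim's code: under the SPF specification (RFC 7208) the checked identity is the envelope MAIL FROM domain (recorded in Return-Path at delivery), with HELO used when the reverse-path is empty, and `~all` yields a distinct softfail result that local policy has to handle. The domains, records, message and the `action` policy below are constructed assumptions, and only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed SPF TXT records (stand-in for DNS so the example runs offline).
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "bulk.example": "v=spf1 ip4:198.51.100.7 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed message: envelope sender and header From use different domains.
SAMPLE = """Return-Path: <bounce@bulk.example>
From: "Bank Security" <alerts@bank.example>
Subject: constructed sample

body
"""

def spf_identity(mail_from, helo):
    """Domain SPF evaluates: MAIL FROM domain, or HELO for a null reverse-path."""
    addr = parseaddr(mail_from)[1]
    return (addr.rpartition("@")[2] if "@" in addr else helo).lower()

def check_spf(client_ip, domain, records=SPF_RECORDS):
    """Evaluate ip4 and all mechanisms only; returns an SPF result string."""
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all" or (term.startswith("ip4:")
                and ip in ipaddress.ip_network(term[4:], strict=False)):
            return QUALIFIERS[qualifier]
    return "neutral"

def action(result):
    # Hypothetical local policy; without the softfail entry it would be accepted.
    return {"fail": "reject", "softfail": "quarantine"}.get(result, "accept")

def evaluate(raw_message, client_ip, helo):
    msg = message_from_string(raw_message)
    domain = spf_identity(msg.get("Return-Path", "<>"), helo)
    header_from = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result = check_spf(client_ip, domain)
    return domain, header_from, result, action(result)
```

For the constructed message, the result is computed for `bulk.example` even though the header From shows `bank.example`, which is why a header-only spoof is not rejected by SPF alone.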
 