SPF question

[kumar2222]

The SPF site is down for the moment. However if memory serves SPF verifies the Reply to address. Not the From address.

What happens if there is no Reply to address explicitly stated? Does it verify the From address?

I am just wondering because I am getting a spoof claiming to be from scotiabank.com. However there is no Reply to in the header. My SPF filter just lets it through.

Thanks

Kumar
Virtech Computer Consulting and Networking

http://www.virtech.ca

 

[unixfreak]

SPF uses the header From: field. It's not an optional field and is appended by the MTA, not the MUA.

 

[kumar2222]

Like I said openspf.org is down. Not sure where else I can get a copy of the official protocol.

However according to

http://www.oreillynet.com/pub/a/network/2004/09/28/spf.html:

"SPF only checks the hidden part of an email message known as the "Return-Path" (or "821 header"). According to Hutzler, SPF completely ignores the From address (or "822 header,") which is used by phishers to "social engineer" or dupe naïve recipients."


This was my initial confusion. However you are right it seems to be validating "From". At least when "Return-Path" is not specified. Not sure what happens if a different "Return-Path" is specified.

However my problem was something else and has been fixed. I did not handle soft fail properly.

By the way this is regarding an MTA (Exim4 to be precise).

Kumar
Virtech Computer Consulting and Networking

http://www.virtech.ca