Re: recent spam to this list

To: debian-devel@lists.debian.org
Subject: Re: recent spam to this list
From: Kris Deugau <kdeugau@webhart.net>
Date: Wed, 15 Oct 2003 18:33:24 -0400
Message-id: <[🔎] 3F8DCB34.76AB5C04@webhart.net>
References: <[🔎] EHEOIEJMBFBKCKMPHFJKMEHDEFAA.lists@mehnle.net>

Julian Mehnle wrote:
> Andreas Metzler wrote:
> > Julian Mehnle <lists@mehnle.net> wrote:
> > > It's about forging an e-mail sender's identity.  By preventing
> > > the unauthorized use of domains as the sender domain of e-mails,
> > > most of the practiced cases of identity forgery are prevented.
> > > [...]
> >
> > If I send an e-mail over mail.nusrf.at with envelope-from
> > ametzler@logic.univie.ac.at I am _not_ forging anything or making
> > "unauthorized use of domains"
> 
> Yes, you are.  The envelope-from address is not a reply-to address,
> it's a sender address.  If you are sending from mail.nusrf.at, you
> are not sending from logic.univie.ac.at.  So you should not specify
> <ametzler@logic.univie.ac.at> as the envelope-from address, or you'd
> be forging it.

OK, I think I've thought of a sort of a counter-example:

--------
I have a private server, and an account there.

I have a friend with a private server, but I do NOT have an account on
that box.  (Unlikely but possible;  I can think of one real-world case
amongst people I know running private servers.)

While at a LAN party at that friend's place, I check my mail on my
server, and decide I want to reply to some of the messages.

Since we're both on semi-dynamic IPs (connected 24/7, but not formally
assigned static IP addresses), I haven't allowed SMTP relay from the IP
my friend's server is on, because I don't really know what it is
today/this week/this month.  But his server allows relay mail from
machines on his private network, so I use his server as a relay for my
mail.

I'm sending "from" myfriendsdomain.com's server, but I don't have an
account there.  I do, however, have an account myaccount@mydomain.com on
my own server- to which I want all replies/bounces/etc to go to.
--------

I'm not sure this actually has any direct relevance to this dicussion
(which I gather is about a DNS-ish way to restrict which machines can
relay mail for any particular domain, according to the wishes of that
domain owner), but I think it might be a useful example.

-kgd
-- 
<erno> hm. I've lost a machine.. literally _lost_. it responds to
ping, it works completely, I just can't figure out where in my
apartment it is.

Reply to:

Follow-Ups:
- RE: recent spam to this list
  - From: "Julian Mehnle" <lists@mehnle.net>

References:
- RE: recent spam to this list
  - From: "Julian Mehnle" <lists@mehnle.net>

Prev by Date: Re: testing packages at build
Next by Date: Re: XMMS doesn't like itself much...
Previous by thread: Re: recent spam to this list
Next by thread: RE: recent spam to this list
Index(es):
- Date
- Thread