
Re: recent spam to this list

Julian Mehnle wrote:
> Andreas Metzler wrote:
> > Julian Mehnle <lists@mehnle.net> wrote:
> > > It's about forging an e-mail sender's identity.  By preventing
> > > the unauthorized use of domains as the sender domain of e-mails,
> > > most of the practiced cases of identity forgery are prevented.
> > > [...]
> >
> > If I send an e-mail over mail.nusrf.at with envelope-from
> > ametzler@logic.univie.ac.at I am _not_ forging anything or making
> > "unauthorized use of domains"
> Yes, you are.  The envelope-from address is not a reply-to address,
> it's a sender address.  If you are sending from mail.nusrf.at, you
> are not sending from logic.univie.ac.at.  So you should not specify
> <ametzler@logic.univie.ac.at> as the envelope-from address, or you'd
> be forging it.

OK, I think I've thought of a sort of a counter-example:

I have a private server, and an account there.

I have a friend with a private server, but I do NOT have an account on
that box.  (Unlikely but possible;  I can think of one real-world case
amongst people I know running private servers.)

While at a LAN party at that friend's place, I check my mail on my
server, and decide I want to reply to some of the messages.

Since we're both on semi-dynamic IPs (connected 24/7, but not formally
assigned static IP addresses), I haven't allowed SMTP relay from the IP
my friend's server is on, because I don't really know what it is
today/this week/this month.  But his server allows relay mail from
machines on his private network, so I use his server as a relay for my

I'm sending "from" myfriendsdomain.com's server, but I don't have an
account there.  I do, however, have an account myaccount@mydomain.com on
my own server- to which I want all replies/bounces/etc to go to.

I'm not sure this actually has any direct relevance to this discussion
(which I gather is about a DNS-ish way to restrict which machines can
relay mail for any particular domain, according to the wishes of that
domain owner), but I think it might be a useful example.

<erno> hm. I've lost a machine.. literally _lost_. it responds to
ping, it works completely, I just can't figure out where in my
apartment it is.
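
The LAN-party scenario above, evaluated the way a receiving server would under a sender-domain policy. This is an added example, not part of the original message or of any project's code. It assumes SPF-style record syntax (`ip4:` terms and a final `all`), which the thread does not name, and every domain policy and IP address in it is constructed.

```python
import ipaddress

# Constructed policies in SPF-style syntax (an assumption: the thread names
# no record format). Addresses are documentation ranges, not real hosts.
POLICIES = {
    "mydomain.com": "v=spf1 ip4:192.0.2.10 -all",
    "myfriendsdomain.com": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_sender(client_ip, envelope_from, policies=POLICIES):
    """Result a receiver gets for this relay IP and envelope-from address."""
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    record = policies.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # the domain owner published no policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
        # only ip4 and all are evaluated; any other term is skipped
    return "neutral"  # nothing matched and the record has no "all"


def lan_party_cases():
    """The situations from the message, as (description, result) pairs."""
    me = "myaccount@mydomain.com"
    return [
        ("my address, sent from my own server", check_sender("192.0.2.10", me)),
        ("my address, relayed via friend's server", check_sender("198.51.100.7", me)),
        ("my address, my server after an IP change", check_sender("192.0.2.99", me)),
        ("friend's address via friend's server",
         check_sender("198.51.100.7", "someone@myfriendsdomain.com")),
    ]


if __name__ == "__main__":
    for description, result in lan_party_cases():
        print(f"{result:8} {description}")
```

The third case shows the side effect of the semi-dynamic addresses mentioned in the message: a policy that pins one IP also rejects the owner's own server once that address changes.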
