SPF, joe jobs, and phishing
Posted Jun 15, 2006 21:32 UTC (Thu) by dwmw2
In reply to: SPF, joe jobs, and phishing
Parent article: SPF on vger
You didn't actually read the why not SPF page linked above, did you?
In particuar, I was thinking of BATV
. Not only does it instantly stop the bounces to mail you didn't actually send, but it also allows others to detect fake mail.
Try faking MAIL FROM:<firstname.lastname@example.org>
to any site which bothers with sender verification callouts to avoid mail from invalid addresses (like sourceforge, amongst many others).
550-Verification failed for <email@example.com>
550-Sent: RCPT TO:<firstname.lastname@example.org>
550-Response: 550-This address never sends messages directly, and should not accept bounces.
550-550-Please see http://www.infradead.org/rpr.html or contact
550-550 email@example.com for further information.
550 Sender verify failed
to post comments)