[BCLUG] Interesting email about domain expiring - SPF vs SPAM question

Ian Samuel ian at mrzesty.net
Fri Aug 19 10:17:29 EDT 2022


On 2022-08-18 8:06 p.m., Rick Moen wrote:
> Quoting BCLUG (admin at bclug.ca):
>
>> I got an interesting email today saying this domain was to expire today.
> Am inferring "this domain" = bclug.ca .
>
>> Since I just had a legit message from a utility provider that I'd
>> missed a payment, my first thought was, "Oh no, not again."
>>
>> But it was fake.

I've lost track - because 1/2 of these messages are ending up in Junk 
for me. :-)

but it needs to be stressed that SPF provides a suggestion to other mail 
servers that the /_SMTP _//_envelope sender_/ (not the From: header 
field) address can only originate from listed IPs. SPF does not prevent 
spoofing of a From: header, you need DKIM for that. Of course what mail 
servers choose to do (or not do) with that information is up to their Admin.

Some mail servers will add the envelope sender to the mail message 
headers, but many will not.

Received: from rick by linuxmafia.com with local (Exim 4.72)
  (envelope-from<rick at linuxmafia.com>) id 1oOrPC-00058h-6j
  fordiscuss at lists.bclug.ca; Thu, 18 Aug 2022 19:06:38 -070

i.


-- 
Ian Samuel  M.Sc. IS  LPIC-3
Linux and Infrastructure Architect

"I think it's very important to have a feedback loop, where you're constantly thinking about what you've done and how you could be doing it better. I think that's the single best piece of advice: constantly think about how you could be doing things better and questioning yourself."
"Elon Musk"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bclug.ca/pipermail/discuss/attachments/20220819/2d60990e/attachment-0001.htm>


More information about the Discuss mailing list