Board: Meta
Re: Anyone else got this email from Bitcointalk.org?
by OnkelPaul on 18/03/2015, 12:15:21 UTC
> but it looked legit as it had the address noreply@bitcointalk.org

> FYI, unless the (alleged) sender's domain has got SPF records and your mail server implements it, anyone can just change his 'From:' address to whatever he wants just by going to 'Settings...' in the mail client.

Actually bitcointalk.org *does* have an SPF record protecting it with a strict (-all) policy: according to standards, the phishing message should have been rejected, but your mail server probably doesn't enforce the requested policy.

SPF is a mixed blessing - as soon as you (legitimately) forward mails without completely rewriting the sender address, you get lost or rejected mails when your SPF handling is strict.
There's a workaround (SRS) which works mostly but makes some things unwieldy.
The other thing is that SPF does not protect the From: header (see http://www.openspf.org/FAQ/Envelope_from_scope), so this kind of phishing would still be possible.

Onkel Paul
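A small illustration of the points in this post (SPF is evaluated on the envelope sender, a strict -all record rejects legitimately forwarded mail, SRS is the workaround, and the visible From: header is never checked), added here as example code that is not from the post or from bitcointalk.org. The domains, IP addresses and SPF records are constructed for the example, and the SRS address format is simplified.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups: no real DNS is queried and these
# records are invented for the example (not bitcointalk.org's real record).
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:203.0.113.0/24 -all",   # strict policy
    "forwarder.example": "v=spf1 ip4:198.51.100.7 -all",  # the forwarding host
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(envelope_from: str, client_ip: str) -> str:
    """Minimal SPF evaluator: ip4 mechanisms and a trailing 'all' only.

    It is fed the SMTP MAIL FROM (envelope sender). The RFC 5322 From: header
    that the user sees is never consulted, which is the gap the post describes."""
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published, so SPF says nothing
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qual]
    return "neutral"


def srs_rewrite(envelope_from: str, forwarder_domain: str) -> str:
    """Simplified Sender Rewriting Scheme: the forwarder becomes the envelope
    sender so SPF is evaluated against its own record. Real SRS also embeds a
    hash and timestamp in place of the 'hash' and 'tt' placeholders."""
    local, domain = envelope_from.rsplit("@", 1)
    return f"SRS0=hash=tt={domain}={local}@{forwarder_domain}"


def header_from_matches_envelope(envelope_from: str, header_from: str) -> bool:
    """Check SPF itself does not make: does the visible From: domain match the
    envelope domain? A mismatch is the signal a receiver should flag."""
    env = envelope_from.rsplit("@", 1)[-1].lower()
    hdr = header_from.rsplit("@", 1)[-1].lower()
    return env == hdr


if __name__ == "__main__":
    print(evaluate_spf("news@sender.example", "203.0.113.10"))  # direct delivery
    print(evaluate_spf("news@sender.example", "198.51.100.7"))  # forwarded, no rewrite
    print(evaluate_spf(srs_rewrite("news@sender.example", "forwarder.example"), "198.51.100.7"))
```

The second call shows the forwarding problem (strict -all rejects mail relayed by a host not in the record), the third shows SRS fixing it, and header_from_matches_envelope is the extra check needed because SPF leaves the From: header alone.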