ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Re: SPF abused by spammers

2004-09-10 18:12:30
from [Barry Shein] [Permanent Link] 

On September 10, 2004 at 19:25 sethb(_at_)panix(_dot_)com (Seth Breidbart) 
wrote:

What about them?  In particular, what domain does the spam _claim_ to
be coming from?  AOL isn't about to publish SPF records for its dialup
lusers; neither is ATT, earthlink, etc.  Why should they?  They'd only
publish such records for their own outgoing servers.


Why not? Why wouldn't they? Why shouldn't they?

Some ISPs have a policy: No direct mail sending, no port 25, that is
certainly true.

But many others do not have any such policy, nor are they likely
to. And much of the common mail software is happy to do direct
delivery rather than forward through an ISP official relay.

So unless you can somehow argue that the bazillion connections from
broadband and dialup ports I see all day are going to disappear I
think it's safe to say that either these ISPs publish SPF records for
each and every one of those pool/dhcp, or even statically assigned
(you know what I mean, the cheap seats), addresses, or they'd better
start getting their customers used to the change in policy coming up
when and if something like SPF happens and they refuse. Or maybe they
can sell them SPF entries (hmmmmm.)

More importantly, I suppose we can GUESS what actual practice might or
might not be.

But perhaps we'd be better off being SPECIFIC (prescriptive) about
what is actually required by a standard.

And I don't see anything inherent in SPF that stops an ISP from
publishing a few million SPF records to cover all their IP allocation
if their policy is that any customer may send directly to port 25. One
pretty much implies the other.

Have we found yet another fatal flaw in SPF? Or am I really missing
something (I can't say I've deeply thought thru this aspect, it's just
come up.)


Because it's zombie'd PCs on those broadband nets which account for
nearly all the spam.


What domain will they claim?  That's the key point.


Well, I assume if I were a DSL customer with verizon.net then it'd be
verizon.net. What else?

Oy, what a mess. We're really getting nowhere, fast.

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] SPF is only useful to dupe the ignorant..., Seth Breidbart
Next by Date:  Re: [Asrg] SPF is only useful to dupe the ignorant..., Bill Cole
Previous by Thread:  Re: [Asrg] Re: SPF abused by spammers, Seth Breidbart
Next by Thread:  Re: [Asrg] Re: SPF abused by spammers, Matthias Leisi
Indexes:  [Date] [Thread] [Top] [All Lists]