ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Re: SPF abused by spammers

2004-09-13 15:11:59
from [Barry Shein] [Permanent Link] 

On September 11, 2004 at 11:56 matthias(_at_)astrum(_dot_)ch (Matthias Leisi) 
wrote:

$DIALUP_ISP that adds it's whole dialup-range as "legitimate 
mailservers" for $DIALUP_DOMAIN is of course free to do so, but that 
would be less-than-intelligent.


So your point relies on $D* never doing anything that is
less-than-intelligent?

But this isn't a technical hurdle, merely a presumption about how $D*
might behave.


The whole point of "Sender IP authentication" is to designate legitimate 
sources for mails from a certain domain. If $DIALUP_ISP trusts it's 
customers so much as to allow them to be legitimate sources - fine, 
that's their decision. But they will cause problems for their own domain 
name in doing so.


They may have little choice, from their point of view, either because
they perceive this as a marketing aspect (why don't they block port 25
now?), or their economic/business model doesn't allow for the sort of
e-mail infrastructure which provides for officialy relays. Or, more
likely, a little of each (since one policy tends to lead to the
other.)




And I don't see anything inherent in SPF that stops an ISP from
publishing a few million SPF records to cover all their IP allocation
if their policy is that any customer may send directly to port 25. One
pretty much implies the other.


They can only publish SPF records for their /own/ domain(s). Publishing 
"a few million" legitimate sources is certainly not a good way to build 
trust in these domain(s).


Can't wanadoo.fr publish an SPF record allowing
ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr to send email directly?

Not "are they likely to", or "it wouldn't seem to be in their best
interest", but just: Can they or not?

I admit I might be missing something here but thus far it's been like
grabbing smoke trying to get to the bottom of this.


-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] SPF is only useful to dupe the ignorant..., Barry Shein
Next by Date:  Re: [Asrg] Re: SPF abused by spammers, Peter J. Holzer
Previous by Thread:  Re: [Asrg] Re: SPF abused by spammers, Barry Shein
Next by Thread:  Re: [Asrg] Re: SPF abused by spammers, Peter J. Holzer
Indexes:  [Date] [Thread] [Top] [All Lists]