ietf-asrg

Re: [Asrg] Re: SPF abused by spammers

2004-09-13 16:43:36
On 2004-09-13 17:35:30 -0400, Barry Shein wrote:
> On September 11, 2004 at 11:56 matthias(_at_)astrum(_dot_)ch (Matthias Leisi) wrote:
> > The whole point of "Sender IP authentication" is to designate legitimate
> > sources for mails from a certain domain. If $DIALUP_ISP trusts its
> > customers so much as to allow them to be legitimate sources - fine,
> > that's their decision. But they will cause problems for their own domain
> > name in doing so.
>
> They may have little choice, from their point of view, either because
> they perceive this as a marketing aspect (why don't they block port 25
> now?),

Blocking port 25 is a lot more drastic. Even if most free email
providers offer submissions on port 587 today (do they?), most users
won't know that and if connecting to port 25 of their favorite email
provider doesn't work, they will call their ISP's hotline.

Publishing an SPF record won't affect most users (they use either the
ISPs relay, or that of their email provider, or they have their own
domain) and for those which are affected, the effect will be comparable
to that of DULs: They find that their mails are rejected by a small (but
growing) number of MXes. 

> or their economic/business model doesn't allow for the sort of
> e-mail infrastructure which provides for official relays.

Are there "pure" ISPs in the mass market? My impression is that at least
in Austria and Germany you can't even get a (cheap) internet connection
without a pop mailbox, a relay host and some web space if you want it (the
quality of these services is often poor, but that's another story).

> > > And I don't see anything inherent in SPF that stops an ISP from
> > > publishing a few million SPF records to cover all their IP allocation
> > > if their policy is that any customer may send directly to port 25. One
> > > pretty much implies the other.
> >
> > They can only publish SPF records for their /own/ domain(s). Publishing
> > "a few million" legitimate sources is certainly not a good way to build
> > trust in these domain(s).
>
> Can't wanadoo.fr publish an SPF record allowing
> ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr to send email directly?
>
> Not "are they likely to", or "it wouldn't seem to be in their best
> interest", but just: Can they or not?

They can not. 

They can publish an SPF record allowing
ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr to send mails with
a sender domain of wanadoo.fr directly (and probably lots of
other domains, too). They cannot publish an SPF record allowing
ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr to send mails with a
sender domain of ietf.org or hjp.at.

OTOH, they can easily publish an SPF record which allows everyone to
send mail with a sender domain of wanadoo.fr.

In any case I think it is rather uninteresting whether
wanadoo.fr will publish an SPF record allowing
ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr to send mails from
wanadoo.fr. If they do, they take responsibility for mail that host
sends out, and they will have to bear any consequences (these may well
be less severe than those of not publishing the record, time will tell).

The big problems of SPF are something else:

1) Every spammer can easily register lots of domains (they already do)
   and publish SPF records for those. The pure existence of an SPF
   record doesn't tell you anything. You also need a reputation system.

2) Lots of domain owners don't publish SPF records and probably won't
   ever do so. So the nonexistence of an SPF record also tells you
   nothing.

3) Because of the above two points, many MTAs won't reject mails which
   don't pass SPF, so publishing an SPF record will have little effect.
   (which feeds back to problem 2)

        hp

-- 
   _  | Peter J. Holzer    | The further north you go, the less people
|_|_) | Sysadmin WSR       | speak at all, and so no dialect either.
| |   | hjp(_at_)hjp(_dot_)at         | Hallig Gröde is almost entirely dialect-free.
__/   | http://www.hjp.at/ |   -- Hannes Petersen in desd


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
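
Added example, not part of the original message or of any SPF implementation: a simplified receiver-side check showing that a record is only consulted for its own sender domain, that a "+all" record passes any source, and that neither a pass nor a missing record says anything without a reputation lookup. The .example domains, the documentation IP ranges, the `decide` policy and its reputation table are constructed assumptions; only the `ip4` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed sample zone data (not real DNS): sender domain -> SPF record.
RECORDS = {
    "isp.example": "v=spf1 ip4:192.0.2.0/24 -all",      # lists its dial-up pool
    "open.example": "v=spf1 +all",                       # allows everyone
    "strict.example": "v=spf1 ip4:198.51.100.25 -all",  # one relay only
    # "norecord.example" publishes nothing
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, sender_domain, records=RECORDS):
    """Evaluate the sender domain's own record against the connecting IP."""
    record = records.get(sender_domain)
    if record is None:
        return "none"
    terms = record.split()
    if terms[0] != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism outside this simplified subset
    return "neutral"  # no mechanism matched


def decide(ip, sender_domain, reputation):
    """Hypothetical policy: SPF result combined with per-domain reputation."""
    result = check_host(ip, sender_domain)
    if result == "fail":
        return "reject"
    if result == "pass" and reputation.get(sender_domain) == "good":
        return "accept"
    # pass from an unknown domain, none, neutral, softfail: SPF alone decides nothing
    return "score-content"
```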