ietf-asrg

Re: [Asrg] Re: SPF abused by spammers

2004-09-14 15:43:09
On 2004-09-14 17:03:04 -0400, Barry Shein wrote:
I will admit that I am *almost* beaten into the ground in pure
frustration by the lengthy verbiage and misinterpretations of the
questions but ONE MORE TIME...(I know I know it's all my fault.)

Can wanadoo.fr publish an SPF record allowing the PC which is
currently assigned the host name:

      ABordeaux-251-2-10-162.w82-125.abo.wanadoo.fr

to send mail claiming to be from:

      
johndoe(_at_)ABordeaux-251-2-10-162(_dot_)w82-125(_dot_)abo(_dot_)wanadoo(_dot_)fr

I say they can

Of course they can. 

and likely will,

Why should they? No legitimate user would want to send mail as
johndoe(_at_)ABordeaux-251-2-10-162(_dot_)w82-125(_dot_)abo(_dot_)wanadoo(_dot_)fr, because he will
never be able to receive an answer (assuming that this is an address in a
dynamic address pool). The legitimate user will want to send mail
as johndoe(_at_)wanadoo(_dot_)fr, or maybe johndoe(_at_)bordeaux(_dot_)wanadoo(_dot_)fr.

Publishing such records makes no sense at all. Publishing records
allowing the whole dial-in pool to send mail as johndoe(_at_)wanadoo(_dot_)fr
makes at least some sense and some providers may do that.

Anyway, if wanadoo chooses to publish such records, who cares? Does it
make any difference whether the spam comes from
<johndoe(_at_)ABordeaux-251-2-10-162(_dot_)w82-125(_dot_)abo(_dot_)wanadoo(_dot_)fr> or from
<johndoe(_at_)nigerianlottoviagra5731ab(_dot_)biz>?

but more importantly that spammers who
grab such a host as a zombie can use this to send all the mail they
want past any SPF.

SPF doesn't stop spam. It doesn't even try to stop spam. All it does is
tell the recipient whether a certain IP address is allowed to send mail
on behalf of a certain domain.

This allows the domain owner to prevent forgeries (or rather, allows the
domain owner to publish information which will allow the recipient to
recognize the forgery easily), which will reduce bounces and misguided
complaints.

It may be used against spam together with a reputation system for
domains. But frankly, I don't see why a reputation system for domains
should be more effective than the existing reputation systems for IP
addresses (aka RBLs).

        hp

-- 
   _  | Peter J. Holzer       | The further north you go, the less people
|_|_) | Sysadmin WSR          | speak at all, and so no dialect either.
| |   | hjp(_at_)hjp(_dot_)at | Hallig Gröde is almost entirely dialect-free.
__/   | http://www.hjp.at/    |   -- Hannes Petersen in desd


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
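
The point made in the message above (an SPF result only says whether an IP address is authorised for the claimed domain), as an added example that is not part of the original post. The domains, records and addresses are constructed placeholders, and the evaluator is a simplification that handles only `ip4:` and `all`.

```python
import ipaddress

# Constructed SPF records (not real DNS data), keyed by sender domain.
RECORDS = {
    # Provider authorises only its outbound relays for its main domain.
    "isp.example": "v=spf1 ip4:192.0.2.0/28 -all",
    # Provider authorises one pool address for that host's own name.
    "host-10-162.pool.isp.example": "v=spf1 ip4:198.51.100.162 -all",
    # Throwaway domain whose owner authorises every IPv4 address.
    "throwaway.example": "v=spf1 ip4:0.0.0.0/0 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from, records=RECORDS):
    """Simplified SPF check: result for client_ip sending as mail_from."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                      # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"                    # default qualifier is "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if not term.startswith("ip4:"):
            return "permerror"             # mechanism not modelled here
        if ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched, no "all"


if __name__ == "__main__":
    pool_host = "198.51.100.162"           # constructed dial-in pool address
    for sender in ("johndoe@host-10-162.pool.isp.example",
                   "johndoe@isp.example",
                   "johndoe@throwaway.example",
                   "johndoe@unpublished.example"):
        print(f"{pool_host} as {sender}: {check_spf(pool_host, sender)}")
```

The pool host passes for its own per-host name and for the throwaway domain, and fails only when it claims the main domain, so a receiver learns that the sender address was not forged, not that the message is wanted.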