ietf-asrg

[Asrg] Re: article: port 25 blocking

2005-04-12 19:06:41
George Ou wrote:

> If we could get the top 50 domains to start "punishing"
> non-SPF compliant with delays and a gradual migration to
> a hard fail in unison, would that not prompt other domains
> to become SPF compliant?

Something with your definition of "non-SPF compliant" is wrong.

"v=spf1 -ip4:127.0.0.1 +all" is perfectly compliant, it could
even make sense.  And if not it's easy to find cases where +all
is _very_ useful, see the recent include:not.me discussion on
the spf-discuss mailing list.

"v=spf1 a ~all" is also perfectly compliant, the latest draft
proposes to process a SOFTFAIL in a greylisting-style.

Something like "v=spf1" (implicitly the same as "v=spf1 ?all")
or many other policies ending with "?all" might be useless, but
they are still "compliant".  And there are cases where a "?"
NEUTRAL result is exactly what the sender wanted, e.g.

"v=spf1 mx ?a:sometimes.i.use.a.spamcast.mta.example -all"

But maybe you define "compliant" as "no sender policy is bad".
That's not true, because it's relatively easy for spammers to
get an SPF PASS if they want it:

"v=spf1 +exists:%{ir}.comcast.blackholes.us -all"

This policy radically PASSes for all spamcast zombies, and it
is again relatively simple to get a similar effect with a less
obvious policy.

In other words PASS is meaningless unless it's from somebody
you already know (e.g. paypal).  SOFTFAIL could be useful.  But
the full power of SPF is FAIL, because receivers can reject it.

That forces spammers to forge another domain.  No more bogus
bounces / challenges / vacation / what else mails to the owners
of SPF-FAIL protected domains.

Effect on spam:  zero, they just forge another domain.  Effect
on SMTP:  nice, SMTP only works if the whole world does _not_
stop sending bounces etc. or delete them automatically on sight.

If you really think that SPF is a FUSSP (IMNSHO it is not) you
have to add meaning to a PASS (PASS from ebay vs. PASS from an
unknown stranger), and for that you need white lists of known
senders, and the only obvious way to create them on the fly is
some kind of C/R system <shudder />

Otherwise SPF is unrelated to anti-spam, like "port 25 blocks"
are unrelated to anti-zombie, and Sender-ID is unrelated to
anti-phishing.
                              Bye, Frank
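
Added example, not part of the original message: a receiver-side sketch in Python that evaluates the qualifier logic of the records quoted above and then maps the result to an action, giving a PASS weight only for domains the receiver already knows. Only ip4, exists (with the %{ir} macro) and all are evaluated; the function names, the action labels, the DNS stub and all .example domains are assumptions made for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def expand_ir(target, ip):
    """Expand %{ir}: the client IPv4 address with its octets reversed."""
    return target.replace("%{ir}", ".".join(reversed(ip.split("."))))

def check_spf(record, ip, dns_a):
    """Return the SPF result for a client IP.

    dns_a is a constructed stand-in for DNS: the set of names that have
    an A record. Mechanisms other than ip4/exists/all (a, mx, include...)
    need real lookups and are treated as "no match" in this sketch.
    """
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is PASS
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            net = ipaddress.ip_network(arg, strict=False)
            matched = ipaddress.ip_address(ip) in net
        elif name == "exists":
            matched = expand_ir(arg, ip) in dns_a
        else:
            matched = False
        if matched:                          # first matching mechanism wins
            return QUALIFIERS[qualifier]
    return "neutral"                         # "v=spf1" behaves like "?all"

def receiver_action(result, domain, known_senders):
    """Hypothetical receiver policy following the argument in the message."""
    if result == "fail":
        return "reject"
    if result == "softfail":
        return "greylist"
    if result == "pass" and domain in known_senders:
        return "accept-known-sender"
    return "filter-as-usual"                 # PASS from a stranger earns nothing

# Constructed sample data
KNOWN = {"known-shop.example"}
STUB_DNS = {"10.2.0.192.comcast.blackholes.us"}
```

A PASS produced by the exists record for 192.0.2.10 still ends in "filter-as-usual" because the sending domain is not in KNOWN, while a FAIL is rejected regardless of who published the record.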


