RE: SPF abused by spammers

On Thu, 9 Sep 2004, Sauer, Damon wrote:

> Dean,
>
>  You are missing where this is a GOOD thing. We WANT spammers to use
> SPF.
> This will allow us to identify, publish, process, shred, pillage, burn,
> destroy the IP addresses that this stuff is coming from. Nobody is doing
> less stringent processing of the email that passes an SPF check. It just
> makes it easier to block when identified.
SPF doesn't make it easier to identify spammers.  

>  The checks that I DON'T have to do are against the received from:
> headers. I already know. If you want to call this 'reducing filtering'
> so be it. But it is a reduction because the check that you used to have
> to run is no longer necessary.
>
> Regards,
> Damon Sauer
>
>
> -----Original Message-----
> From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
> [mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Dean 
> Anderson
> Sent: Thursday, September 09, 2004 10:59 AM
> To: Markus Stumpf
> Cc: ietf-mxcomp(_at_)vpnc(_dot_)org
> Subject: Re: SPF abused by spammers
>
>
>
> Isn't that what I said would happen?
>
>               --Dean
>
> On Thu, 9 Sep 2004, Markus Stumpf wrote:
>
> > Justin Murdock posted this link on the qmail list:
> >     http://news.bbc.co.uk/1/hi/technology/3631350.stm
> >     "CipherTrust [...] found that 34% more spam is passing SPF checks
> than
> >     legitimate e-mail."
> >
> >     \Maex
> Date: Tue, 10 Aug 2004 19:55:57 -0400 (EDT)
> From: Dean Anderson <dean(_at_)av8(_dot_)com>
> To: 'IETF MARID WG' <ietf-mxcomp(_at_)imc(_dot_)org>
> Subject: Analysis of SPF benefits for reduced filtering
>
>
> It has been reported that AOL is already using SPF to give reduced 
> filtering to SPF-using domains. Is this a good idea?
>
> IF you use SPF to provide less stringent anti-spam processing, then you
> are MORE vulnerable than you were before. You have shot yourself in the
> foot.  Suppose for example that AOL subjects MSN users to less stringent
> anti-spam filtering because MSN uses SPF.  MSN is still vulnerable to
> viruses as it was before it used SPF, and it is just as vulnerable to
> disposable account creation as it was before.  Using SPF will
> __attract__ abusers to MSN, because they can get more spam through to
> AOL, because it is subject to less processing.  Since AOL is doing less
> processing on the same spam, AOL users get more spam. SPF is bad for
> both companies.
>
> And of course, anyone who sets up a disposable domain can also get spam
> through to AOL by creating an SPF record for the domain. Disposable
> domains along with disposable or stolen accounts is a major problem now,
> and it remains a major problem under SPF.
>
> Anything that reduces spam filtering without reducing the number of
> abusers will be harmful.
>
> Basically, SPF gives abusers the opportunity to whitelist themselves, or
> the opportunity to identify ISPs that may be whitelisted. Any kind of
> whitelist that is under the control of the sender, rather than the
> recipient is also going to be ineffective and harmful.
>
>
> Dean Anderson
> Av8 Internet, Inc
>
>
>
> *****
> The information transmitted is intended only for the person or entity to 
> which it is addressed and may contain confidential, proprietary, and/or 
> privileged material.  Any review, retransmission, dissemination or other use 
> of, or taking of any action in reliance upon, this information by persons or 
> entities other than the intended recipient is prohibited.  If you received 
> this in error, please contact the sender and delete the material from all 
> computers. 113