ietf-mxcomp

RE: SPF PASS (was: "If you believe that the SPF concept is fundamentally flawed, please subscribe at http://www.imc.org/ietf-mxcomp/")

2005-05-26 04:40:45

Sorry if I am jumping in midstream and missing the main point, but SPF was
supposed to be the first step and then next would be reputation.

BTW, I am very pleased with SenderBase (it even catches Comcast zombies). I would
be curious to know if anyone else is.

I also noticed that some corporations, at least one, Kraft, are rejecting email if
your sending IP is not one of your MX IPs:

"v=spf1 mx ?all"

----------------------------------------
Alex Sukhenko
CTO
Exmplar
3900 Jermantown Road
Fairfax, VA 20330
703 273 2311 x232 - phone
703 654 6588 - fax

-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]
On Behalf Of Carl Hutzler
Sent: Thursday, May 26, 2005 7:21 AM
To: nobody(_at_)xyzzy(_dot_)claranet(_dot_)de
Cc: ietf-mxcomp(_at_)imc(_dot_)org
Subject: Re: SPF PASS (was: "If you believe that the SPF concept is
fundamentally flawed, please subscribe at http://www.imc.org/ietf-mxcomp/")


nobody(_at_)xyzzy(_dot_)claranet(_dot_)de wrote:

> Carl Hutzler wrote:
>
>> Is this use of SPF flawed?
>
> [...]
>
>> If the [connecting IP] = [SPF record] then "trust it
>> more/whitelist"
>
> It's perfectly possible for a spammer to get a PASS.  You
> wouldn't whitelist a spammer.  But it's impossible for a
> spammer to pretend to be me, he'd get a FAIL (in my case).
>
> Unless I'm this spammer of course.

Actually, we DO WHITELIST SPAMMERS. I mean it happens. We don't want it 
to happen a lot, but it does. See we also monitor everyone on the WL 
very closely via volume, complaint, and bounce rates. So while a spammer 
could get onto the whitelist, they won't be for long. And a new spammer 
will have very low limits placed on how much they can send via a simple 
SPF=whitelist type method. Now if they prove once on the SPF=whitelist 
that they are a good sender, we would bump up their rate limits....or if 
they contact us to get "accredited" via our postmaster.aol.com webpage 
where you can simply ask to be on the whitelist, we might let them in 
with higher limits on day 1. We do this of course for well known 
organizations.

>> valuable reverse MX records which cover well over 95% of
>> the email traffic on the internet today.
>
> Is that a guess ?  95% is a rather high number.

OK, 85%. Is that better? Still beats the 80/20 rule easily. How much 
mail is not sent directly from the sending ISP to the destination ISP. 
For AOL it is a small number.

>> Perhaps SPF should be updated to have the above logic.
>
> You can use it this way.  But whitelisting a PASS only
> because it's a PASS is no long term strategy:
>
>    "v=spf1 +exists:{ir}.comcast.blackholes.us -all"

See above. It actually IS very good for AOL because of all our other 
reputation based logic. Perhaps not every ISP can build this, but we do 
have one. Of course many 3rd party products are out there that do what 
we do...SenderBase (volume/bounces), SpamCop (complaints), Spamnet 
(complaints), etc.

>> Back to my day job :-)
>
> Be careful with mail from these comcast IPs, bye, Frank

-- 
Carl Hutzler
Director, Host Mail Development
America Online
cdhutzler(_at_)aol(_dot_)com
703.265.5521 work
703.915.6862 cell
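
How the two SPF records quoted in this thread evaluate, as an added example (not code from any of the posters): a minimal evaluator for the `mx`, `exists` and `all` mechanisms over constructed DNS data. It assumes the macro in the quoted `exists` record is SPF's `%{ir}`; the IP addresses, `example.com`, `sender.example` and the one listed name are constructed.

```python
# Constructed DNS data (documentation addresses); nothing is resolved online.
MX_IPS = {"example.com": {"192.0.2.10"}}           # IPs of example.com's MX hosts
A_NAMES = {"7.113.0.203.comcast.blackholes.us"}    # names that have an A record

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The two records quoted in the thread (macro written in SPF syntax, %{ir}).
MX_RECORD = "v=spf1 mx ?all"
EXISTS_RECORD = "v=spf1 +exists:%{ir}.comcast.blackholes.us -all"


def expand(spec, ip):
    """Expand only %{ir}: the client IPv4 address with its octets reversed."""
    return spec.replace("%{ir}", ".".join(reversed(ip.split("."))))


def check_host(record, ip, domain):
    """Evaluate a v=spf1 record left to right; the first match decides."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            hit = True
        elif name == "mx":
            hit = ip in MX_IPS.get(arg or domain, set())
        elif name == "exists":
            hit = expand(arg, ip) in A_NAMES
        else:
            # Only the three mechanisms used in the thread are handled here.
            raise ValueError(f"unsupported term: {term}")
        if hit:
            return RESULT[qualifier]
    return "neutral"  # no mechanism matched


if __name__ == "__main__":
    for rec, ip, dom in [
        (MX_RECORD, "192.0.2.10", "example.com"),          # an MX host
        (MX_RECORD, "198.51.100.5", "example.com"),        # any other host
        (EXISTS_RECORD, "203.0.113.7", "sender.example"),  # name exists
        (EXISTS_RECORD, "203.0.113.8", "sender.example"),  # name absent
    ]:
        print(f"{rec!r:55} {ip:15} -> {check_host(rec, ip, dom)}")
```

A pass on the `exists` record only says the connecting IP matched what the domain itself published, which is why the thread treats reputation (volume, complaint and bounce rates) as a separate decision.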

