spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Using headers instead of SRS

2004-01-26 13:10:21
from [Greg Connor] [Permanent Link]
--On Monday, January 26, 2004 7:45 PM +0000 "Steven G. Willis" <sgwillis(_at_)deepskytech(_dot_)com> wrote: 


On 01/26/2004 at 11:36 it was written:


My original suggestion was that we should seriously *investigate*
whether  there is already a strong link between envelope sender and one
of the more  user-visible headers.  It's currently beyond my power to
say for sure  whether there is one.


We have a database here of many million emails, a large portion of which
are UCE. But, we do have a large enough number of non-UCE in the system
to pull some statistically meaningful data for such a check.

Let us know specifically what you would like to see and we'll run some
queries for ya...



Thanks.
Probably the most interesting would be to see how many messages have a Return-Path that does not match any of From, Sender, Resent-From, Resent-Sender. Additionally we would want to know if the non-matching messages are all spam, all from mailing lists, or neither/no pattern. 

I submit that this is useful for two, possibly three reasons.
1. SPF adheres strongly to the envelope-sender (usually preserved in Return-Path) and we want to know if blocking based on that is "just as effective" as filtering based on those four headers.
2. Other proposals that might compete with SPF for attention focus on those headers. We want to know if SPF is just as effective, with the added bonus of rejecting the mail before the DATA phase.
And possibly 3. It's possible that spammers might later change the envelope sender / Return-Path are their-domain, or some other non-spf-protected domain, BUT leave the From: and Sender: as a blatant joe-job. If a strong correlation now exists, admins can implement additional safety checks in the form of "Security warning" added to the header or message if they are found NOT to match. 

Thanks again,
gregc

--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki: 
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Is Return-Path as available as we think?, wayne
Next by Date:  Re: what about an SPF modifier for C/R policy?, Phil Howard
Previous by Thread:  RE: Using headers instead of SRS, Steven G. Willis
Next by Thread:  Re: Using headers instead of SRS, wayne
Indexes:  [Date] [Thread] [Top] [All Lists]