spf-discuss

RE: A couple of thoughts

2004-02-17 09:57:36
Brian Candler wrote:
Please correct me if I'm wrong, but I can't see that SPF is going to
make a significant impact on the received noise from joe-jobs until
the majority of Internet providers implement SPF filters AND the
majority of domains declare SPF info.

Since publishing SPF records and enabling SPF checks on my MTA a week or
so ago for a handful of vanity domains, I've only gotten 3 SPF fails
(granted, this is an extremely low volume server).  However, I have
gotten a whole boatload of SPF passes which I am currently allowing
around my spam filters.  All but one of the SPF passes I have received
have been legitimate messages.  So far, I'm more impressed by the
indication of (possibly more) legitimate mail rather than the indication
of illegitimate mail that SPF is providing.  Hopefully, as more sites
begin publishing and checking SPF records, I'll see more spoofed
messages fail SPF, but I have personally seen an immediate and drastic
result since deploying SPF for my domains and MTA.  Someone was
previously posting some weekly statistics to the list of their SPF-aware
MTA, perhaps they could continue to do so?  Then you may have a better
understanding of the impact that SPF is having *right now*.

On a side note, the one SPF pass that I said that my MTA received that
was not legitimate, was indeed spam.  I am currently investigating and
intend on filing a complaint with the originating ISP, since I now have
SPF data to help demonstrate that the message is more easily traced back
to the source than some of the more common spam complaints they may get.

---
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.