spf-discuss
[Top] [All Lists]

Re: Re: A couple of thoughts

2004-02-22 03:06:17
Brian Candler wrote:
Please correct me if I'm wrong, but I can't see that SPF is going to
make a significant impact on the received noise from joe-jobs until
the majority of Internet providers implement SPF filters AND the
majority of domains declare SPF info.

Dustin D. Trammell writes:
Since publishing SPF records and enabling SPF checks on my MTA a week or
so ago for a handful of vanity domains, I've only gotten 3 SPF fails
(granted, this is an extremely low volume server).  However, I have
gotten a whole boatload of SPF passes which I am currently allowing
around my spam filters.  All but one of the SPF passes I have received
have been legitimate messages.

Brian Candler wrote:
So if I interpret this correctly: what you are saying is that you get
very few joe-job bounces anyway, so SPF hasn't made any difference to
you.  Unfortunately, I get dozens of them per day.
Eventually when pobox.com starts publishing an SPF policy for my
individual address (b(_dot_)candler(_at_)pobox(_dot_)com) which matches the IP 
ranges I
send from, I can be happy that I won't get joe-jobs relayed via your
system or others who have enabled SPF, but I still will from the other
90%+ of the Internet :-(  Brian.


You are right that there will be a ramping effect, but I don't actually expect it to be linear. Spammers are smart, and they want to get 100% of their spam delivered. I really think that once some of the big names checking spf data on receipt, and some other big names to publish the info, spammers will see enough bounces to change their behavior. I don't think it will take 50% of the receivers to be covered to reduce your bounced/forged spam by 50%.

Of course, spammers are not likely to start using their own domains. It will be easier to just scan their list of fake from-addresses and only spoof domains that don't have SPF set up yet. Then unprotected domains will get more bounced spam/bounced virus mail and SPF domains will get less, and they will feel a slight pressure to publish. I expect it will be a long time before SPF is popular enough to start blocking mail that doesn't come from SPF domains.


--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>