Have you verified none of the 2525 messages were non-spam?
-----Original Message-----
From: Stuart D. Gathman [mailto:stuart(_at_)bmsi(_dot_)com]
Sent: Thursday, April 22, 2004 10:12 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] SPF and HELO
On Thu, 22 Apr 2004, wayne wrote:
When there is no SPF record for MAIL FROM, I look up the SPF record for
HELO, and reject the connection on fail, softfail, neutral.
[snip]
Comments welcome (I wouldn't be surprised if this has already been discussed).
Good idea!
I don't recall this being discussed before, but it makes a lot of
sense. Please let us know how well it works in practice.
In the last 24H, we had about 40000 attempts to send us mail. The worst
abusers are blocked by our firewall. Of those that reach sendmail,
1006 were blocked by a local blacklist.
2496 were blocked by a DNSBL that is shared with our clients.
8975 were passed on to Python milter (http://www.bmsi.com/python/milter.html)
Of the 8975 connects reaching Python milter:
5696 were REJECTED for all reasons.
2525 were rejected because of HELO failing the SPF check. Of these,
2419 used a HELO with my own domain, and 106 used a HELO with other
domains. (So just rejecting your own domains from external servers
gets most of the benefit - but SPF generalizes the check and eliminates a
configuration item.)
472 were rejected because of a numeric HELO (usually my own IP)
414 were rejected because of MAIL FROM failing SPF.
488 were forged bounces detected by SES.
1686 were rejected after the DATA phase by Bayesian content analysis (DSPAM).
I should point out that Received-SPF headers greatly improve the accuracy
of Bayesian filters even when REJECTs based only on SPF are not possible.
So, you can see that the SPF HELO check is the single best filter in
my setup, with content analysis a close second.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
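
The HELO fallback policy described in the quoted message, written out as an added example; it is not part of the original thread and is not the Python milter's own code. The domains, addresses and SPF records are constructed, the evaluator handles only the ip4, ip6 and all mechanisms, and the function names and the order of the checks are assumptions.

```python
import ipaddress

# Constructed sample SPF records standing in for DNS TXT lookups.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "partner.example": "v=spf1 ip4:198.51.100.0/24 ?all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(domain, client_ip, records=SPF_RECORDS):
    """Simplified SPF check: ip4/ip6/all only (real SPF also has a, mx, include...)."""
    record = records.get(domain.lower().rstrip("."))
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"                         # no mechanism matched

def is_numeric_helo(helo):
    """True when the HELO argument is a bare or bracketed IP address."""
    try:
        ipaddress.ip_address(helo.strip("[]"))
        return True
    except ValueError:
        return False

def check_sender(helo, mail_from_domain, client_ip):
    """Return (action, reason) following the policy in the message above."""
    if is_numeric_helo(helo):
        return "reject", "numeric HELO"
    result = spf_result(mail_from_domain, client_ip)
    if result == "fail":
        return "reject", "MAIL FROM SPF fail"
    if result == "none":                     # no MAIL FROM record: fall back to HELO
        helo_result = spf_result(helo, client_ip)
        if helo_result in ("fail", "softfail", "neutral"):
            return "reject", "HELO SPF " + helo_result
    return "accept", "no SPF objection"
```

A HELO name with no SPF record yields "none" and is accepted at this stage, so a message like that still reaches the later content filters.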