spf-discuss

Re: Is SPF all that useful?

2004-07-23 17:29:43
On Fri, Jul 23, 2004 at 05:16:39PM -0700, Gilbert, Joseph wrote:
I run spf with a secondary mx and have no problem with it. How? The
secondary does spf checks as well as all other checks my primary does, and
the primary trusts everything it receives from the secondary. Now the
only problem I see with this is that someone could be able to spoof the
ip of my secondary, but that's a risk I'm willing to take.

I see.  So, whatever other sort of filters I am running on my primary MTA
have to be enabled on my secondary MTA.  Thus, any spam marking, stripping,
discarding, etc. that occurs on my primary has to be duplicated on any
secondary MTA I have.  In my case, that would require additional hardware,
not to mention time configuring and testing the software config.

Then, the question becomes benefit vs. cost on running a secondary or
tertiary mail server.  

Alright, I see that this particular issue can be resolved with the
appropriate configuration.

As said, it is common for spammers to use your secondary first to drop
their loads. In fact, I have been checking and most of the spam I got
was received by my secondary. To be sure, your secondary should also
have a way of checking if the recipients do indeed exist, so mail can be
rejected by the secondary before the DATA phase, saving bandwidth and hd
space as well as preventing bounces from being sent.

Another solution mentioned on this list is for the secondary to reject
mail if the primary is on-line. Yet another is to not have a secondary
at all, given that MTAs will try several days before finally giving up
anyway. If you have an incoming mta with a reliable hosting company, you
probably don't need a secondary (if you accept the possible delay).


Koen

-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
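
The recipient check and the "defer while the primary is on-line" idea from the message above, as an added example that is not part of the original post. The domain, the recipient list, the function names and the choice of reply codes (550 for unknown users, 451 as a temporary failure while the primary is up) are assumptions made for illustration.

```python
# Constructed data: recipient list the secondary syncs from the primary (assumption).
LOCAL_DOMAINS = {"example.org"}
VALID_RECIPIENTS = {"alice@example.org", "bob@example.org"}


def rcpt_policy(rcpt, primary_up):
    """Reply (code, text) the secondary gives to one RCPT TO command."""
    addr = rcpt.strip().strip("<>").lower()
    local, _, domain = addr.rpartition("@")
    if not local or domain not in LOCAL_DOMAINS:
        return 554, "relay access denied"
    if addr not in VALID_RECIPIENTS:
        # Permanent failure before DATA: nothing is queued, no bounce later.
        return 550, "no such user"
    if primary_up:
        # Temporary failure: the sender's MTA retries and reaches the primary.
        return 451, "primary MX is available, try it"
    return 250, "ok"


def checking_secondary(rcpts, primary_up):
    """Envelope phase with recipient checks; returns replies and queue stats."""
    replies = [rcpt_policy(r, primary_up) for r in rcpts]
    queued = sum(1 for code, _ in replies if code == 250)
    return {"replies": replies, "queued": queued, "bounces": 0}


def naive_secondary(rcpts):
    """Secondary that accepts every local-domain recipient and relays later."""
    queued = [r.strip("<>").lower() for r in rcpts]
    # The primary refuses unknown users at relay time, so the secondary must
    # send a bounce to the (often forged) envelope sender.
    bounces = sum(1 for r in queued if r not in VALID_RECIPIENTS)
    return {"queued": len(queued), "bounces": bounces}


if __name__ == "__main__":
    # Constructed envelope: one real user and two guessed addresses.
    spam_run = ["<alice@example.org>", "<sales@example.org>", "<xyzzy@example.org>"]
    print(naive_secondary(spam_run))
    print(checking_secondary(spam_run, primary_up=False))
    print(checking_secondary(spam_run, primary_up=True))
```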
