spf-discuss

Re: Co-operative 'bulk mail' alerting

2004-08-20 04:48:29
Mark wrote:

It's meant to be used with sender-id, so you check against the
sender-id domain (which is the PRA domain, ...

Thank you. They actually DO say it is used in conjunction with
SenderID.

Which raises some doubt as to its current usability, really. Without
a mechanism in place yet to make the determination whether the
relay is really authorized to use a PRA domain, nothing goes.
Because I am not going to award positive SA scores for the use of,
say, the hotmail.com domain in the PRA (hotmail.com has a
"Status: Good"), until I am darn sure the relay is
authorized to use that domain name. Long live good ol' SPF! :)

I have now implemented this as follows (schematically):

At envfrom_callback I only accept the good rating if the relay is indeed
authorized to use the domain:

if (Cloudmark test on same domain as used for SPF says "Bad") {
    spit out a reject message;
} elsif (Cloudmark test on same domain as used for SPF says "Good") {
    prepare a positive header for PRA domain if SPF check eq 'pass';
}

(Yes, I know, the Cloudmark check was not meant to be used on the SPF
domain. But, hey, why not? If the Cloudmark test already fails on the SPF
domain, then I see no reason to continue the transmission).

At eoh_callback I will accept the good rating if the PTR of the connecting
host ends in PRA domain name:

if (Cloudmark test on PRA domain says "Bad") {
    prepare reject message for eom_callback;
} elsif (Cloudmark test on PRA domain says "Good") {
    prepare a positive header for PRA domain if \
    PTR of connecting host ends in PRA domain name;
}

That is a safe bet: if I encounter a hotmail.com PRA address in the headers,
then it is safe to assume that the connecting host is allowed to use the
hotmail.com domain name in PRA's if the PTR of the connecting host also ends
in hotmail.com.

This is not ideal, perhaps; but I am quite happy with my makeshift solution.
And it is already blocking quite a few extra spam. :)

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
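
The PTR check described in the message above, as an added example that is not part of the original post or the poster's milter code. It goes beyond the message in two ways that are assumptions of this sketch: the suffix is matched on a DNS label boundary, and the PTR name is forward-confirmed against the connecting address. The function names, the injected lookup callables and the sample DNS data are all constructed for illustration.

```python
import ipaddress

# Constructed sample DNS data (documentation address range, example domains).
SAMPLE_PTR = {
    "192.0.2.10": ["mx1.example.com."],
    "192.0.2.20": ["mail.notexample.com."],  # shares only a string suffix
    "192.0.2.30": ["mx1.example.com."],      # PTR claims the name, A record disagrees
}
SAMPLE_A = {
    "mx1.example.com": ["192.0.2.10"],
    "mail.notexample.com": ["192.0.2.20"],
}

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def in_domain(host, domain):
    """True if host equals domain or is a subdomain of it (label boundary)."""
    host, domain = normalize(host), normalize(domain)
    return bool(domain) and (host == domain or host.endswith("." + domain))

def ptr_vouches_for(ip, pra_domain, reverse_lookup, forward_lookup):
    """Return the confirmed PTR name inside pra_domain, or None.

    reverse_lookup(ip) -> list of PTR names; forward_lookup(name) -> list of
    addresses. Both are injected (hypothetical helpers) so the check runs offline.
    """
    client = ipaddress.ip_address(ip)
    for ptr in reverse_lookup(ip):
        if not in_domain(ptr, pra_domain):
            continue
        # Forward-confirm: the PTR name must resolve back to the client address,
        # because the PTR record is set by whoever controls the IP block.
        addrs = forward_lookup(normalize(ptr))
        if any(ipaddress.ip_address(a) == client for a in addrs):
            return normalize(ptr)
    return None

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, [])
```

In a milter, the two lookup callables would wrap the resolver already in use; a `None` result means the "Good" rating for the PRA domain should not be credited to this connection.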