Paul Howarth wrote:
Hi,
supposing a domain makes use of the "forgery probability" scheme, and
for three mails that you receive from that domain, the forgery
probability is 10%, 50%, and 90%. What would you propose the
recipient actually do with those three mails, based on the forgery
probabilities?
Paul.

Allow me to recast the numbers from "forgery probability" to "strength of
authorization" - authorization in the sense that the sending server is
authorized by the domain owner to send mail (no SMTP AUTH is necessarily
implied.)

Short answer: depends on the recipient mail server admin's responsibilities.

If the recipient is a personal domain run by a home user and perhaps his
family, I propose that he SMTP REJECT all three of these messages, and indeed,
any mail that is less than 100%-strength authorized. (This doesn't include
mail from domains with no SPF record.)

If the recipient is the FBI's computer-terrorist-alert dropbox, I propose that
they ACCEPT all three of these emails, and in fact any other email that comes
their way. They should also save the complete transcription of the SMTP
conversation, and the results of any DNS lookups (including SPF) that were
performed at that time.

If the recipient is a company that wants to receive a high percentage of
customer emails and a low percentage of spam, I suggest that they take the
published percentage into consideration during their spam analysis, for
example, as follows:

Keep a running log of percent-of-email-that-is-good received, by domain:

Total  Good  Domain
300    5%    herbal-viagra.example.com
50     40%   free-email.example.com
85     90%   software-vendor.example.com

Consider the following email messages:

Email HV9: from herman(_at_)herbal-viagra(_dot_)example(_dot_)com, SPF authority = 90%
Email HV5: from herman(_at_)herbal-viagra(_dot_)example(_dot_)com, SPF authority = 50%
Email HV1: from herman(_at_)herbal-viagra(_dot_)example(_dot_)com, SPF authority = 10%
Email FE9: from fred(_at_)free-email(_dot_)example(_dot_)com, SPF authority = 90%
Email FE5: from fred(_at_)free-email(_dot_)example(_dot_)com, SPF authority = 50%
Email FE1: from fred(_at_)free-email(_dot_)example(_dot_)com, SPF authority = 10%
Email SV9: from sophie(_at_)software-vendor(_dot_)example(_dot_)com, SPF authority = 90%
Email SV5: from sophie(_at_)software-vendor(_dot_)example(_dot_)com, SPF authority = 50%
Email SV1: from sophie(_at_)software-vendor(_dot_)example(_dot_)com, SPF authority = 10%

Taking the SPF authority in conjunction with the running log, I'd
specifically recommend:

HV9: SMTP reject
HV5: SMTP reject
HV1: SMTP reject
FE9: Accept
FE5: Accept but stick a "possible-junk" header on it
FE1: SMTP reject
SV9: Accept and stick a "probably-good" header on it
SV5: Accept
SV1: Accept but stick a "possible-junk" header on it

Accepted email feeds the spam analysis.

Aging of the history is optional (that is, keep a "recent history").

Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com
805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
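
The company policy from the message above, as an added example that is not part of the original post: a per-domain running log combined with the published SPF authority to reach a verdict. The post gives no formula; the product rule (good% x authority%), the three cut-offs, the neutral prior for unseen domains and all class and function names are assumptions, chosen so that the nine recommended outcomes are reproduced.

```python
from dataclasses import dataclass

# Assumed cut-offs on good% x authority% (range 0..10000); not from the post,
# chosen so the nine verdicts recommended in the message come out as listed.
REJECT_BELOW, JUNK_BELOW, GOOD_FROM = 600, 2500, 6000

@dataclass
class DomainHistory:
    total: int = 0
    good: int = 0

    def good_pct(self, prior=50):
        # Assumption: a domain with no history gets a neutral 50% prior.
        return round(100 * self.good / self.total) if self.total else prior

class ReputationLog:
    def __init__(self):
        self.domains = {}

    def record(self, domain, was_good):
        """Accepted mail feeds the analysis: update the running log."""
        h = self.domains.setdefault(domain, DomainHistory())
        h.total += 1
        h.good += int(was_good)

    def verdict(self, domain, authority_pct):
        """Combine the domain's history with the published SPF authority."""
        h = self.domains.get(domain, DomainHistory())
        score = h.good_pct() * authority_pct
        if score < REJECT_BELOW:
            return "reject"
        if score < JUNK_BELOW:
            return "accept+possible-junk"
        if score >= GOOD_FROM:
            return "accept+probably-good"
        return "accept"

def sample_log():
    """The running log from the post, as (domain, total, good%) rows."""
    log = ReputationLog()
    rows = [("herbal-viagra.example.com", 300, 5),
            ("free-email.example.com", 50, 40),
            ("software-vendor.example.com", 85, 90)]
    for domain, total, pct in rows:
        # Good counts are rounded to whole messages (85 at 90% is not whole).
        log.domains[domain] = DomainHistory(total, round(total * pct / 100))
    return log
```

Aging the history, which the post calls optional, would mean keeping counts per time window and dropping old windows before `good_pct` is computed.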