spf-discuss

Re: "worm spam" and SPF

2004-11-26 05:19:52

  ----- Original Message -----

From:    Fridrik Skulason  -  frisk(_at_)f-prot(_dot_)com
Sent:     Friday, November 26, 2004, 11:13:09 AM
To:        spf-discuss(_at_)v2(_dot_)listbox(_dot_)com  -  spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] "worm spam" and SPF


* Some of the domains that send us those bounces have published SPF
  records, which indicates they are aware of SPF, but for one reason
  or another they have decided not to implement SPF checking, so
  they continue to cause problems for everyone else with those
  bounces.

I don't understand, if a company has decided not to implement SPF
checking (although they have got as far as publishing their own SPF
records), how can this result in them causing "problems for everyone
else with those bounces"? If they are not performing SPF checking yet,
surely they are not bouncing messages based on an SPF result?

Maybe I missed the point here? Please can you clarify this?


* In fact, it is irrelevant how many domains publish SPF records. Even
  if every single domain had a record with "-all", it would not help
  one bit.  The reason is of course that what really matters is the
  number of domains that actually check SPF records and reject and
  drop mails that fail.

I agree, but feel that perhaps they should just monitor SPF logs for
now rather than reject the messages until more domains have figured
out how to get their record published right and mail headers looking
acceptable (particularly servers which are involved in 'forwarding'
mail). I'm sure, once this is the case, most mail admins will be only
too eager to start bouncing or dropping SPF failures.

A point which may be worth me mentioning here, is that as you rightly
say, there is already plenty of fallout generated by viruses, do we
really want to be receiving an email every time a virus falsely
identifies itself as us? or a spam is forged to have come from us?
Surely, if an email fails an SPF check then it would be wrong to
bounce the message to the original sender as we would already have
established that it was not from who it claimed to be from.

Therefore, would it not be more beneficial to simply 'drop' SPF
failures? Otherwise it will still be possible for virus writers to
bring the Internet to its knees by causing millions of SPF failure
messages to be generated to innocent end users. Comments please.


Peter Snow
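
Added example, not part of the original message: a sketch of the handling choices discussed above (monitor, bounce, drop, reject) applied to SPF failures, showing which of them send a failure notice to the forged envelope sender. The records, addresses, policy names and function names are constructed for illustration, and the evaluator covers only the `ip4` and `all` mechanisms.

```python
import ipaddress

# Constructed SPF records using documentation domains and address ranges.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.org": "v=spf1 ip4:198.51.100.10 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, mail_from):
    """Evaluate a record against the connecting IP (ip4 and all mechanisms only)."""
    record = SPF_RECORDS.get(mail_from.rsplit("@", 1)[-1].lower())
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def handle(client_ip, mail_from, policy):
    """Return (spf_result, action, notice_sent_to) for one message."""
    result = check_spf(client_ip, mail_from)
    if result != "fail" or policy == "monitor":
        return (result, "accept", None)        # monitor: log the result only
    if policy == "bounce":
        # The notice goes to the envelope sender, which the check just
        # showed to be forged, so it lands on an uninvolved party.
        return (result, "accept-then-bounce", mail_from)
    if policy == "drop":
        return (result, "drop", None)          # discarded silently
    return (result, "reject", None)            # refused in the SMTP session

def misdirected_notices(traffic, policy):
    """Addresses that receive a failure notice for mail they never sent."""
    return [to for ip, sender in traffic if (to := handle(ip, sender, policy)[2])]

# Constructed traffic: (connecting IP, envelope sender).
TRAFFIC = [
    ("192.0.2.25", "alice@example.com"),    # genuine, passes
    ("203.0.113.7", "alice@example.com"),   # forged, fails
    ("203.0.113.9", "alice@example.com"),   # forged, fails
    ("203.0.113.7", "bob@example.org"),     # softfail, not treated as fail
]
```

Only the `bounce` policy returns a non-empty list from `misdirected_notices(TRAFFIC, policy)`; the other three generate no mail toward the forged address.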