spf-discuss

Re: Using best-guess

2004-12-22 10:22:15

----- Original Message -----
From: "Greg Connor" <gconnor(_at_)nekodojo(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Wednesday, December 22, 2004 6:04 AM
Subject: Re: [spf-discuss] Using best-guess


...... Original Message .......
On Mon, 20 Dec 2004 21:22:56 -0500 Meng Weng Wong
<mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> wrote:
On Mon, Dec 20, 2004 at 04:52:07PM -0500, Stuart D. Gathman wrote:
|
| There was a proposal for a "zone-cut" default mechanism for SPF clients,
| but it is not widely implemented.
|

it might be easier to implement the default suggested by
gconnor:

if the host has an MX record but no SPF record, use
best_guess "a/24 mx/24 ptr".

if the host has an A record but no MX record and no SPF
record, use best_guess "a/24".

Defining these defaults into the spec would have the effect
of correctly taking care of a majority of cases; only those
cases which are not already correctly described by the above
would have to publish records.

--Scott Kitterman <spf2(_at_)kitterman(_dot_)com> wrote:
I would suggest that best guess records should produce a NEUTRAL result
if they match.  Best guess is a good way to reject lots of obvious
forgeries, but probably a poor way to establish authorization.

I'm thinking no one should have their reputation suffer or end up on a
RHSBL because of a best guess match.


Scott- I agree with the concerns.  "Best guess" doesn't mean "accountable"
because the domain owner has made no statement authorizing any MTA to send
the mail.

I submit that "best guess" is still a great tool for implementing a
receiver policy.  It's basically a way for receivers to comb through large
amounts of mail looking for "probably not forged".  It should not be used
in all the contexts that an SPF PASS might be (such as sticking your domain
on an RHSBL).

I don't think I would want "best guess" to be an official part of the spec.
It really should be its own document, like a "best practices statement".
Some real-world data from large-scale receivers would back this up nicely.

Note that best-guess doesn't have an -all at the end, so ?all is assumed.
That means if we use neutral for the rest of the record as well (?a/24
?mx/24 ?ptr) it ends up being pretty much a no-op.

The real trick will be to use it to get a PASS result when the sender is
"almost certainly under the same management as the domain" - but we
should be careful to mark the result as "No SPF - Using best guess".  (I'm
assuming if you were going to use SPF results to add spammer domains to an
RHSBL that you would require some sort of trace/audit header like
Received-SPF: so this is probably a good place to record that info.)

Who knows, depending on the purpose of the RHSBL, perhaps I would want the
spam-from-best-guess-mailer to be listed as well.  Either that or I would
have two RHSBLs, one would be "Known spammer domains" and the other would
be "Spam from Best Guess" - that way you can at least quit applying Best
Guess to those domains whose spam would otherwise get in.


Question for anyone familiar with the various SPF plugins and libraries -
which ones do or don't implement "best guess", and how do they record a
Pass result?  Is best guess Pass logged differently from regular SPF Pass?

Also, question for anyone who has used the Best Guess feature in a large
scale receiving environment - does Best Guess give you a notable increase
in Pass results received?  How do you use the resulting data?
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>


I proposed a method to overcome mail-list and forwarding issues which would
use a "best-guess" style analysis, and not reject on fail of the "secondary"
checks, but would score appropriately for Spamassassin or whatever.

http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200412/0192.html


Slainte,

JohnP.
johnp(_at_)idimo(_dot_)com
ICQ 313355492
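The following is an added example, not code from the thread, any SPF library, or any of the posters. It shows the best-guess fallback that Meng and Greg describe (no SPF record plus an MX record gives "a/24 mx/24 ptr"; an A record alone gives "a/24"), evaluated against a constructed DNS table, with the result tagged by its source so that a best-guess match can be downgraded to NEUTRAL as Scott suggests or kept as a PASS that is visibly marked as "best guess" in a Received-SPF-style trace line, as Greg suggests. All domain names, addresses and records are made up, the mechanism parser covers only a, mx, ptr and all, and the trace-line key names are illustrative rather than the Received-SPF grammar.

```python
"""Added example: SPF-style check with the 'best guess' fallback.

Not from the spf-discuss thread or any SPF implementation. The DNS table,
hostnames and addresses below are constructed for the example.
"""
import ipaddress

# Constructed zone data (documentation ranges, not real hosts).
DNS = {
    "example.com":         {"TXT": ["v=spf1 mx -all"],
                            "MX": ["mail.example.com"], "A": ["192.0.2.10"]},
    "mail.example.com":    {"A": ["192.0.2.25"]},
    "nospf.example":       {"MX": ["mx.nospf.example"], "A": ["198.51.100.5"]},
    "mx.nospf.example":    {"A": ["198.51.100.20"]},
    "relay.nospf.example": {"A": ["192.0.2.99"]},
    "webonly.example":     {"A": ["203.0.113.8"]},
}
# Constructed reverse map used by the ptr mechanism.
PTR = {"192.0.2.99": ["relay.nospf.example"]}

# Best-guess defaults as proposed in the thread (implicit ?all at the end).
BEST_GUESS_WITH_MX = "v=spf1 a/24 mx/24 ptr"
BEST_GUESS_A_ONLY = "v=spf1 a/24"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    return DNS.get(name, {}).get(rtype, [])


def select_record(domain):
    """Return (record, source): the published SPF record, or a best-guess
    default when none is published. source is 'spf', 'best-guess' or 'none'."""
    for txt in lookup(domain, "TXT"):
        if txt.startswith("v=spf1"):
            return txt, "spf"
    if lookup(domain, "MX"):
        return BEST_GUESS_WITH_MX, "best-guess"
    if lookup(domain, "A"):
        return BEST_GUESS_A_ONLY, "best-guess"
    return None, "none"


def in_any_block(client, names, cidr):
    """True if client falls inside /cidr of any A record of the given names."""
    for name in names:
        for addr in lookup(name, "A"):
            if client in ipaddress.ip_network(f"{addr}/{cidr}", strict=False):
                return True
    return False


def mechanism_matches(mech, cidr, domain, client):
    if mech == "all":
        return True
    if mech == "a":
        return in_any_block(client, [domain], cidr)
    if mech == "mx":
        return in_any_block(client, lookup(domain, "MX"), cidr)
    if mech == "ptr":
        # Validated reverse lookup: PTR name must sit under the domain and
        # must resolve forward to the connecting address.
        for host in PTR.get(str(client), []):
            under_domain = host == domain or host.endswith("." + domain)
            if under_domain and str(client) in lookup(host, "A"):
                return True
        return False
    raise ValueError(f"unsupported mechanism: {mech}")


def evaluate(domain, client_ip, best_guess_is_neutral=True):
    """Evaluate the selected record for client_ip.

    With best_guess_is_neutral=True a best-guess match yields 'neutral'
    (Scott's suggestion); with False it yields 'pass' but the returned
    'source' field still says 'best-guess' (Greg's suggestion)."""
    client = ipaddress.ip_address(client_ip)
    record, source = select_record(domain)
    if record is None:
        return {"result": "none", "source": source, "record": None}
    result = "neutral"  # falling off the end of the record behaves like ?all
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, cidr = term.partition("/")
        if mechanism_matches(mech, cidr or "32", domain, client):
            result = QUALIFIERS[qual]
            break
    if source == "best-guess" and result == "pass" and best_guess_is_neutral:
        result = "neutral"
    return {"result": result, "source": source, "record": record}


def received_spf(domain, client_ip, best_guess_is_neutral=True):
    """Received-SPF-style trace line (illustrative format) that records
    whether the result came from a published record or from best guess."""
    r = evaluate(domain, client_ip, best_guess_is_neutral)
    reason = ("best-guess: no SPF record published, used " + r["record"]
              if r["source"] == "best-guess" else f"source={r['source']}")
    return f"Received-SPF: {r['result']} ({reason}) client-ip={client_ip}"


if __name__ == "__main__":
    for dom, ip in [("example.com", "192.0.2.25"), ("nospf.example", "192.0.2.99"),
                    ("webonly.example", "203.0.113.40"), ("nospf.example", "10.0.0.1")]:
        print(received_spf(dom, ip), "|", received_spf(dom, ip, False))
```

The ptr case is the one worth staring at: 192.0.2.99 is outside both the a/24 and mx/24 blocks of nospf.example, so it only reaches a match through the validated reverse lookup, and that match is still only a guess, which is why the trace line keeps the best-guess marker even when the result is left as a PASS.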