spf-discuss

RE: Time to start rejecting on neutral?

2005-05-16 20:27:17
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Guy
Sent: Monday, May 16, 2005 10:53 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Time to start rejecting on neutral?


-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com [mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Scott Kitterman
Sent: Monday, May 16, 2005 9:53 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Time to start rejecting on neutral?

...... Original Message .......
On Mon, 16 May 2005 15:09:15 -0400 (EDT) "Stuart D. Gathman"
<stuart(_at_)bmsi(_dot_)com> wrote:
We (and our customers) have been bombarded by a boatload of German spam.
One characteristic of this spam is that the (forged) MAIL FROM is always a
domain with an SPF record that returns NEUTRAL for the zombie's IP. It is
as if the zombie program screens potential forged MAIL FROMs to ensure
that they have an SPF record and won't get a FAIL.

I already reject NEUTRAL for commonly forged domains (e.g. aol.com), but
this new attack may lead to rejecting NEUTRAL results across the board.

Comments?  (Other than noting that the draft RFC says NEUTRAL MUST BE
treated the same as NONE.  My MTA, my rules.)


Well do that and people like me who are tied to shared MTAs that do not
prevent cross-customer forgery are pretty well screwed.  We either get it
coming or going.

Scott K

I have never liked NEUTRAL.  It is like NONE.  So, no point.
I would like to see something between PASS and NEUTRAL, maybe NORMAL, or
EXPECTED.  This would be used for a shared MTA like I must use since my IP
address is dynamic and on some blacklists as such.  It is NORMAL for mail to
come from me via my ISP's MTA.  But I should not use PASS since it can be
forged, and I can't promise I really sent it.  But since I really do have an
SPF record, you should trust me more than if I did not have an SPF record.

I also think PASS, NORMAL and NEUTRAL should not be allowed with "all".

I also think an SPF record should be REQUIRED at some point in the future.
At that point it would be reasonable or recommended to reject NEUTRAL, since
NEUTRAL is like having no SPF record.

Guy

I argued for this last year, although instead of normal I called it
Softpass.  I lost.  Here we are.

Scott K
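
The receiver policies debated in this thread, compared side by side in an added example that is not part of any poster's message: treating NEUTRAL like NONE, rejecting NEUTRAL only for commonly forged domains, and rejecting NEUTRAL across the board. The function names, domains, records and IP addresses are constructed for illustration, and the evaluator handles only the `ip4`, `ip6` and `all` mechanisms, with no DNS lookups.

```python
import ipaddress

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate an SPF record limited to ip4/ip6/all terms (no DNS lookups)."""
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIER_RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name.lower() == "all":
            return QUALIFIER_RESULT[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            raise ValueError("mechanism not handled in this example: " + term)
        if ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # nothing matched and no "all": the default result is neutral

def receiver_action(result, domain, forged_domains=frozenset(), reject_all_neutral=False):
    """Map an SPF result to accept/reject under a local receiver policy."""
    if result == "fail":
        return "reject"
    if result == "neutral" and (reject_all_neutral or domain in forged_domains):
        return "reject"
    return "accept"  # none, pass, softfail, and neutral when treated like none

# Constructed samples: (MAIL FROM domain, published record, connecting IP).
SAMPLES = {
    "zombie, commonly forged domain": ("forged.example", "v=spf1 ip4:192.0.2.0/24 ?all", "203.0.113.77"),
    "zombie, other domain": ("other.example", "v=spf1 ip4:192.0.2.0/24 ?all", "203.0.113.78"),
    "customer on shared MTA": ("shared.example", "v=spf1 ?ip4:198.51.100.0/24 -all", "198.51.100.10"),
    "domain without SPF": ("norecord.example", None, "203.0.113.79"),
}
POLICIES = {
    "neutral as none": {},
    "per-domain": {"forged_domains": frozenset({"forged.example"})},
    "across the board": {"reject_all_neutral": True},
}

def compare_policies():
    """Return {sample: (spf result, {policy: action})} for every sample and policy."""
    table = {}
    for label, (domain, record, ip) in SAMPLES.items():
        result = spf_result(record, ip)
        table[label] = (result, {p: receiver_action(result, domain, **kw) for p, kw in POLICIES.items()})
    return table

if __name__ == "__main__":
    for label, row in compare_policies().items():
        print(label, row)
```

Under the across-the-board policy the shared-MTA customer is rejected along with the zombies, while the domain that publishes no record at all is still accepted.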

