spf-discuss

RE: Forwarding/Redirecting: The problem as I see it....

2005-07-09 02:52:38
On Fri, 2005-07-08 at 11:37 -0400, Stuart D. Gathman wrote:
> An SPF pass is useful for whitelisting.  You can already blacklist
> a domain without regard to forgery, but SPF helps there indirectly
> by forcing spammers to use their own domains (even if they are
> "throw away" domains).

So you're suggesting that a 'definitely from domain XXX' result should
allow that domain to get blacklisted, while a 'probably from domain XXX'
result would not?

Doesn't that mean that the spammers would use their own domain but
always publish records with 'unknown' results? Surely you need something
more sophisticated as a criterion for blacklisting?

> For instance, my client wants to exempt mail from example.com from
> content scanning.  (Catalogs with products and prices tend
> to look like spam.)  But of course, we still don't want forged mail
> claiming to be from example.com.  With SPF, this is simple.
>
> A useful automatic technique is to add all rfc2821 recipients for
> outgoing mail to a list.  If the MAIL FROM domain for incoming mail
> is in the list and gets an SPF pass, then skip content checking.
> The domain blacklist still applies, of course.

In the case of a sender-address whitelist which is used to bypass
content checking, it's obviously important to verify that there is at
least _some_ probability that the mail comes from the purported sender.
Is it really necessary to distinguish SPF 'pass' from 'unknown'? 

Perhaps so, for the many records that end in '?all'. It really is a
shame that there's such disparity in the published records. The
likelihood that an 'unknown' result is a fake is relatively high.

But for the case of SES, the result which we're considering vaguely
analogous to 'unknown' is the case of a signed reverse-path which has no
message digest. The probabilities are different than with the SPF
'unknown' result -- it's still _almost_ certain to be a genuine mail.

Thus, surely you can just bypass the content checking for that one too?
It's true that you get _some_ extra benefit from the digest, but is it
really worth it?

This discussion probably belongs on the SES list, I suppose. Shall we
take it there?

-- 
dwmw2
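The whitelist technique quoted from Stuart above (collect the RFC 2821 recipient domains of outgoing mail; skip content scanning for incoming mail whose MAIL FROM domain is on that list and gets an SPF pass; apply the domain blacklist first regardless), together with the point dwmw2 raises about whether 'pass' really needs to be distinguished from an 'unknown' result, as an added example. This is illustration code, not part of the original post and not from any SPF library or MTA: the Policy structure, the function names, the `bypass_on` parameter and the sample addresses are all assumptions made here, and the SPF result strings are simply taken as input rather than computed by a real SPF check.

```python
"""Model of whitelist-by-SPF-pass (added example; not the post's own code)."""
from __future__ import annotations

from dataclasses import dataclass, field

# SPF result names as used by SPF checkers. The post's 'unknown' corresponds
# to the neutral/none cases (e.g. a record ending in '?all').
PASS, FAIL, SOFTFAIL, NEUTRAL, NONE = "pass", "fail", "softfail", "neutral", "none"


@dataclass
class Policy:
    # Domains we have sent mail to (RCPT TO domains of outgoing messages).
    correspondents: set[str] = field(default_factory=set)
    # Domains blocked regardless of SPF result ("the domain blacklist still applies").
    blacklist: set[str] = field(default_factory=set)


def domain_of(addr: str) -> str | None:
    """Return the lower-cased domain of a mailbox address, or None for the
    null reverse-path ('' / '<>') used by bounces, which has no domain."""
    addr = addr.strip().strip("<>")
    if not addr:
        return None
    local, sep, dom = addr.rpartition("@")
    if not sep or not local or not dom:
        raise ValueError(f"not a mailbox address: {addr!r}")
    return dom.lower()


def record_outgoing(policy: Policy, rcpt_to: list[str]) -> None:
    """Add every RCPT TO domain of an outgoing message to the correspondents list."""
    for rcpt in rcpt_to:
        dom = domain_of(rcpt)
        if dom is not None:
            policy.correspondents.add(dom)


def incoming_action(policy: Policy, mail_from: str, spf_result: str,
                    bypass_on: frozenset[str] = frozenset({PASS})) -> str:
    """Decide what to do with an incoming message from its MAIL FROM and SPF result.

    Returns 'reject' (blacklisted domain), 'skip-scan' (whitelisted correspondent
    whose SPF result is trusted enough) or 'scan' (everything else; what to do
    about an SPF fail is outside what the post discusses, so it just gets scanned).

    bypass_on is the set of SPF results that may skip content scanning: the post
    uses {pass} only; {pass, neutral} is the looser variant dwmw2 asks about.
    """
    dom = domain_of(mail_from)
    if dom is None:
        return "scan"            # null sender: nothing to whitelist on
    if dom in policy.blacklist:
        return "reject"          # blacklist wins regardless of SPF
    if dom in policy.correspondents and spf_result in bypass_on:
        return "skip-scan"
    return "scan"


def demo() -> dict[str, str]:
    """Constructed sample traffic showing pass-only vs. pass-or-neutral bypass."""
    policy = Policy(blacklist={"spammer.example"})
    record_outgoing(policy, ["orders@Example.COM", "ops@partner.example"])
    loose = frozenset({PASS, NEUTRAL})
    return {
        "catalog pass":        incoming_action(policy, "catalog@example.com", PASS),
        "catalog ?all strict": incoming_action(policy, "catalog@example.com", NEUTRAL),
        "catalog ?all loose":  incoming_action(policy, "catalog@example.com", NEUTRAL, loose),
        "forged example.com":  incoming_action(policy, "catalog@example.com", FAIL),
        "unknown sender pass": incoming_action(policy, "new@other.example", PASS),
        "blacklisted pass":    incoming_action(policy, "x@spammer.example", PASS),
        "bounce":              incoming_action(policy, "<>", NONE),
    }


if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case:22s} -> {action}")
```

The strict and loose rows for the '?all' case are the whole disagreement in the thread: with a pass-only policy a '?all' publisher never earns the scan bypass, with pass-or-neutral a forger of that domain would get it too.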
