spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Latest Spam

2006-01-27 09:47:14
from [John Hinton] [Permanent Link] 
Craig Whitmore wrote:




SPF is *NOT* a solution for spam. It might help though as it is meant
for validating the origin of the message and a spammer needs to pick a
valid source domain.
Yes.. true.. but it seems that a lot of domains have SPF records, but they mean nothing really in SPF as they don't protect the domains from being plished at all with the ?all 


Thanks
Craig
I for one got burned by adding a perfect SPF record.. precisely correct for my situation. What happened? Someone on the other end was using a forwarding service and then had a SPF checker running on their server. It saw the forwarding mail IP, checked that against my record and bounced everything.
If this was only one situation out there I would have just left my stuff alone, but, it seems that there are many malconfigured receiving machines... To me the bottom line is it is still too early to write a hard rule. ?all has not had any apparent problems such as this. Also, I think ?all was designed not only for outgoing, but also for incoming problems, like the one above.
The trouble is SPF is not well known yet. It needs promotion. Its the beautiful new piece of software sitting on someone's computer, which is not connected to the internet and just sitting in some attic. I know, it's not that bad as it is out there, but it is just not explained nor understood very well yet. (my reason for so many posts some months back about getting the website updated to have 'good' content)
The people on this end don't seem to realize that their are many sysadmins out their that don't know squat about DNS, mailservers, or even really much about internet servers at all, but instead just click in check boxes to 'turn stuff on' or 'turn stuff off' and configuration is all a blind backend, and understanding is way behind that. So, in the battle against spam, someone just turns everything on in an Exchange server for instance.. and never stops to think about the Linux mailserver frontend that someone else is running for them.
So, for me, my customers don't want to hear it.... they don't want to 'understand', they just want their damned email to 'magically' work.
We as a group, really need to stop making statements like "SPF is not a solution for spam". Taken literally, there is only one 'solution' for spam and that is to take down the internet. To me, SPF is 'a solution', the same as SpamAssassin is 'a solution'. They are all parts which when used together move closer to 'the theoretical yet impossible solution'.
Yes, one can clearly state that SPF is not an anti-spam device, whereas SpamAssassin is. But saying it is not 'a solution for spam' just further muddies the murky water around SPF and in my thinking, just leaves people wondering "why do it?", so they don't.
To me, seeing spammers use these ?all domains is a step in the right direction! I've been seeing in the last few months a huge increase with spammers using webmaster@, postmaster@, abuse@, root@ and other so far 'held sacred' email addresses. Addresses that are often times read by sysadmins, addresses that put them into a bounce rule situation immediately. To me, this says the spammers are getting desparate. The use of ?all domains being another desparate move. At the same time, the use of these ?all domains will add some pressure to change over to -all records. It is just a slow growth or acceptance of SPF. But things do seem to be creeping slowly forward. If we could just get 'big service providers' to turn up the heat more, like maybe requiring at least ?all records (just like was done with PTR records), SPF would suddenly become 'very' important. But how can they netlegallly do that when it is in RFC experimental stage? Adoption will take time. Promotion will shorten that time. If enough major players jump onboard, the politics to give it a RFC number quickly will rise. 

Best Regards,
John Hinton

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] not sure how this is happening[Scanned], Julian Mehnle
Next by Date:  [spf-discuss] Receiver policies, Stuart D. Gathman
Previous by Thread:  Re: [spf-discuss] Latest Spam, Craig Whitmore
Next by Thread:  [spf-discuss] Re: Latest Spam, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]