Re: [spf-discuss] Latest Spam
2006-01-27 09:47:14
Craig Whitmore wrote:
SPF is *NOT* a solution for spam. It might help though as it is meant
for validating the origin of the message and a spammer needs to pick a
valid source domain.
Yes.. true.. but it seems that a lot of domains have SPF records, but
they mean nothing really
in SPF as they don't protect the domains from being plished at all
with the ?all
Thanks
Craig
I for one got burned by adding a perfect SPF record.. precisely correct
for my situation. What happened? Someone on the other end was using a
forwarding service and then had a SPF checker running on their server.
It saw the forwarding mail IP, checked that against my record and
bounced everything.
If this was only one situation out there I would have just left my stuff
alone, but, it seems that there are many malconfigured receiving
machines... To me the bottom line is it is still too early to write a
hard rule. ?all has not had any apparent problems such as this. Also, I
think ?all was designed not only for outgoing, but also for incoming
problems, like the one above.
The trouble is SPF is not well known yet. It needs promotion. Its the
beautiful new piece of software sitting on someone's computer, which is
not connected to the internet and just sitting in some attic. I know,
it's not that bad as it is out there, but it is just not explained nor
understood very well yet. (my reason for so many posts some months back
about getting the website updated to have 'good' content)
The people on this end don't seem to realize that their are many
sysadmins out their that don't know squat about DNS, mailservers, or
even really much about internet servers at all, but instead just click
in check boxes to 'turn stuff on' or 'turn stuff off' and configuration
is all a blind backend, and understanding is way behind that. So, in the
battle against spam, someone just turns everything on in an Exchange
server for instance.. and never stops to think about the Linux
mailserver frontend that someone else is running for them.
So, for me, my customers don't want to hear it.... they don't want to
'understand', they just want their damned email to 'magically' work.
We as a group, really need to stop making statements like "SPF is not a
solution for spam". Taken literally, there is only one 'solution' for
spam and that is to take down the internet. To me, SPF is 'a solution',
the same as SpamAssassin is 'a solution'. They are all parts which when
used together move closer to 'the theoretical yet impossible solution'.
Yes, one can clearly state that SPF is not an anti-spam device, whereas
SpamAssassin is. But saying it is not 'a solution for spam' just further
muddies the murky water around SPF and in my thinking, just leaves
people wondering "why do it?", so they don't.
To me, seeing spammers use these ?all domains is a step in the right
direction! I've been seeing in the last few months a huge increase with
spammers using webmaster@, postmaster@, abuse@, root@ and other so far
'held sacred' email addresses. Addresses that are often times read by
sysadmins, addresses that put them into a bounce rule situation
immediately. To me, this says the spammers are getting desparate. The
use of ?all domains being another desparate move. At the same time, the
use of these ?all domains will add some pressure to change over to -all
records. It is just a slow growth or acceptance of SPF. But things do
seem to be creeping slowly forward. If we could just get 'big service
providers' to turn up the heat more, like maybe requiring at least ?all
records (just like was done with PTR records), SPF would suddenly become
'very' important. But how can they netlegallly do that when it is in RFC
experimental stage? Adoption will take time. Promotion will shorten that
time. If enough major players jump onboard, the politics to give it a
RFC number quickly will rise.
Best Regards,
John Hinton
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
|
|