spf-discuss

Re: [spf-discuss] Promoting NEUTRAL or SOFTFAIL result to FAIL

2006-02-25 17:01:05
"Hector Santos" <spf-discuss(_at_)winserver(_dot_)com> writes:

----- Original Message -----
From: "David Mazieres (no direct replies)" <dm-list-spf(_at_)scs(_dot_)stanford(_dot_)edu>

It is a clear cut violation if SPF(MFROM) returns anything but a
FAIL or PASS because the client is stating it is inside the
secured authorized sending network.

Not necessarily.  Suppose the domain name is the name of a laptop
computer that sends mail from various IP addresses in addition to its
primary (main) address.  The laptop's owner might just publish a
record saying:

   v=spf1 ?all

Such a setup is not even as unreasonable as it sounds...

If I understand you, this implies an authenticated transaction requirement
in which case, at least for our security implementation, SPF does not apply.
More below.

Not necessarily.  I know people who send mail directly from their
laptops, without relaying through a trusted host.  I don't necessarily
think this is a good idea.  However, someone who reads the SPF spec is
entitled to believe this is reasonable to do in conjunction with a
"v=spf1 ?all" SPF record.

That said, I wouldn't be surprised to hear that a lot of spammers just
issue the same HELO name as the mail-from domain.  Thus, I can
understand why this rule might catch a lot of spam.

It's done in a vain attempt to make it look like it's come from inside the
same network.

Back in 2004, I did an extensive analysis of the LMAP states to develop an
SPF model that reflects when SPF is necessary (to reduce overhead).

See:

http://www.winserver.com/public/antispam/lmap/draft-lmapanalysis1.htm

For the most part, I was one of the hawks for not ignoring the helo domain as
was done during the initial SPF draft specifications.  Our implementation
uses most of the logic development from the LMAP analysis.

The specs were updated to better support the HELO domain considerations, but
we have not updated it to reflect the actual SPEC changes.

I wish the SPF language had an "equals" mechanism that let you compare
the expansion of macros.  For example, it would be nice to be able to
publish an SPF record like this:

   v=spf1 ptr -equals:%{o}:%{h} ?all

Basically saying that if the ptr check fails, then Fail if the sender
domain matches the HELO string.  You can sometimes achieve similar
effects using the exists: mechanism, but in a lot of situations it's a
lot more cumbersome.

David

-- 
This message was sent from a non-repliable address for a closed mailing list.
If you wish to reply directly to me, you can use the following address, which
expires on 11 Mar 2006:
    
<mazieres-yq58yb3ehgdyzcn7qhfte6uuue(_at_)temporary-address(_dot_)scs(_dot_)stanford(_dot_)edu>
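
The laptop case discussed in this message, worked through as an added example that is not part of the original post or of either participant's implementation. It evaluates records that use only the `ip4` and `all` mechanisms and then applies the promotion rule as this example reads it from the thread (NEUTRAL or SOFTFAIL becomes FAIL when the HELO name equals the MAIL FROM domain); the domain names, addresses, and function names are constructed for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample records (documentation-reserved names and addresses).
RECORDS = {
    "laptop.example.org": "v=spf1 ?all",
    "corp.example.com": "v=spf1 ip4:192.0.2.0/24 -all",
}

def check_host(record, client_ip):
    """Evaluate a record that uses only the ip4 and all mechanisms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() != "ip4":
            raise ValueError(f"mechanism not handled in this example: {name}")
        if ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched

def promote(result, helo, mail_from):
    """Assumed local rule: neutral/softfail becomes fail when HELO equals the MAIL FROM domain."""
    domain = mail_from.rpartition("@")[2]
    same = helo.rstrip(".").lower() == domain.rstrip(".").lower()
    return "fail" if same and result in ("neutral", "softfail") else result

def evaluate(client_ip, helo, mail_from, records=RECORDS):
    """Return (SPF result, result after the promotion rule)."""
    domain = mail_from.rpartition("@")[2].lower()
    record = records.get(domain)
    raw = check_host(record, client_ip) if record else "none"
    return raw, promote(raw, helo, mail_from)

if __name__ == "__main__":
    # The laptop publishing "?all" and sending from a roaming address.
    print(evaluate("198.51.100.7", "laptop.example.org", "dm@laptop.example.org"))
    print(evaluate("198.51.100.7", "mail.example.net", "dm@laptop.example.org"))
    print(evaluate("203.0.113.9", "corp.example.com", "a@corp.example.com"))
```

The first call returns `("neutral", "fail")`: the laptop that announces its own name in HELO and publishes `v=spf1 ?all` is rejected under the promotion rule even though its record asked for a neutral result.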
