spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Rejecting "Best-Guess" failures

2006-07-20 14:03:17
from [Robert Millan] [Permanent Link] 
On Thu, Jul 20, 2006 at 04:29:01PM -0400, Scott Kitterman wrote:


Are you sure?  Note that the phrase in which SPF is mentioned is quite
positive.  I.e. it presents it to the reader as the solution of the
problem, rather than the cause of it.


Keep in mind that one of the things that I do is answer web site submission 
queries, so I may be biased because I deal with lots of people who the first 
time they heard of SPF was when their mail wouldn't go through <rant>(I will 
say again that DNS providers must not publish SPF records for their customers 
without consulting them - people who use DNS providers that are willing to 
make arbitrary changes to their DNS records without consulting shoud find a 
different provider) </rant>.

As I said, I can't think of a way to make it better.


Well, since the fundamental purpose of SPF is rejecting (some) mail, I don't
think it could happen in any other way.  The big difference (IMHO) is between
systems that make email fail _and_ provide a viable solution, and those who
don't.

When got trapped by DNSBLs that include dynamic IPs (like, _my_ dynamic IP),
then I got really angry about this system, because I had no chance to escape
from it.  SPF, on the contrary, provides a way to solve the problem, even for
dynamic IPs.


If mean that he tests an inbound message for three things:

1.  Does the client IP have a reverse DNS PTR record?
2.  Does it use a legit (FQDN) HELO name?
3.  Does the mail from of the message Pass SPF?

Any one of those is enough to save the message from outright rejection.  


I don't like it.  Compliing with #1 and #2 is too easy for a spammer, and
they're only exposing their IP/hostname which I don't want to blacklist (the
paragraph above should explain why).  OTOH, if they're forced to expose their
domain name, I'll be glad to blacklist that.

-- 
Robert Millan

My spam trap is honeypot(_at_)aybabtu(_dot_)com(_dot_)  Note: this address is 
only intended for
spam harvesters.  Writing to it will get you added to my black list.

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Re: Rejecting "Best-Guess" failures, Scott Kitterman
Next by Date:  Re: [spf-discuss] Rejecting "Best-Guess" failures, Robert Millan
Previous by Thread:  Re: [spf-discuss] Rejecting "Best-Guess" failures, Scott Kitterman
Next by Thread:  Re: [spf-discuss] Rejecting "Best-Guess" failures, Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]