spf-discuss

Re: [spf-discuss] Re: spamcop and DSN

2006-08-30 20:40:45
On Thu, Aug 31, 2006 at 04:13:16AM +0200, Frank Ellermann wrote:

I send 1 DSN per braindead mailbox per month.  The rate is
very low.  Just publishing an SPF record, even a default
neutral one, prevents the DSN

I'd agree, Alex disagrees, and obviously Spamcop disagrees.

...

For a real victim (no spamtrap) your rate is beside the point:

So far we seem to agree; I already wrote that.

[snip]

Precisely the same end result as when you send the DSN, but
without risk to run into spam traps.

And again we seem to agree.


I say don't send DSN unless you know, for sure, that the actual
sender is indeed the one mentioned in the return path.  This can
be done with SPF.  ISTR you did agree on this as well.

[checking...]

On Wed, Aug 30, 2006 at 02:45:02AM +0200, Frank Ellermann wrote:
AFAIK they know this.  I wonder why you send unsolicited
DSNs to unverified Return-Paths.  That's net abuse, or did
I miss something in your scenario ?

Yep, we do.

Worse:

In this case Stuart sends a DSN:

b) SPF NONE, no PTR, invalid HELO, no guessed pass (3 strikes) - there are a
  LOT of otherwise legitimate senders with this braindead setup.  It causes a
  lot of problems to simply reject them because they are clueless (or
  they would have done it right) and don't know what to do.

Three out of four.  Let's see.  I am hiding at a crappy provider (no
reverse DNS setup but more importantly no pesky abuse department
bothering me while I am conducting my business), I am nowhere near
the network where my sender address is expected (China would be nice),
and I am lying about my hostname.  That would qualify, wouldn't it?

That's not a braindead setup, that's most likely a forger.  And this
is _not_ where the DSN is going to, the DSN is going to the victim.


Frank, are you sure you agree with Stuart and disagree with spamcop?

Alex
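
The rule argued for in this message (send a DSN only when SPF confirms the return path), as an added example that is not part of the original post. The function names, sample headers and addresses are constructed, and it assumes the topmost Received-SPF header was written by your own border MTA rather than supplied by the sender:

```python
import re

# Result keywords of the Received-SPF header (RFC 7208).
_SPF_RE = re.compile(
    r"^Received-SPF:\s*(pass|fail|softfail|neutral|none|temperror|permerror)\b",
    re.IGNORECASE | re.MULTILINE,
)

def spf_result(headers: str) -> str:
    """Result of the topmost Received-SPF header; 'none' when there is no such header."""
    m = _SPF_RE.search(headers)
    return m.group(1).lower() if m else "none"

def undeliverable_action(headers: str, return_path: str) -> str:
    """What to do with an accepted message that turns out to be undeliverable.

    'dsn'    : SPF pass, so the return path is verified and the bounce
               reaches the real sender.
    'no-dsn' : anything else; a bounce would go to a possibly forged
               address (backscatter) or into a spam trap.
    """
    if return_path.strip() in ("", "<>"):
        return "no-dsn"  # null return path: never bounce a bounce
    if spf_result(headers) == "pass":
        return "dsn"
    return "no-dsn"

# Constructed sample messages: (headers, envelope return path).
SAMPLES = {
    "verified": ("Received-SPF: pass (192.0.2.10 is authorized for example.org)\n"
                 "Subject: hello\n", "<alice@example.org>"),
    # "case b" from the thread: SPF none, no PTR, invalid HELO
    "case_b":   ("Received-SPF: none (example.com publishes no SPF record)\n"
                 "Subject: offer\n", "<victim@example.com>"),
    "neutral":  ("Received-SPF: neutral (198.51.100.7 is neither permitted nor denied)\n",
                 "<bob@example.net>"),
    "softfail": ("Received-SPF: softfail (203.0.113.5 is not authorized)\n",
                 "<carol@example.org>"),
    "bounce":   ("Received-SPF: pass (192.0.2.10 is authorized)\n", "<>"),
    "unmarked": ("Subject: no SPF header at all\n", "<dave@example.org>"),
}

def decide_all() -> dict:
    """Apply the rule to every constructed sample."""
    return {name: undeliverable_action(h, rp) for name, (h, rp) in SAMPLES.items()}

if __name__ == "__main__":
    for name, action in decide_all().items():
        print(f"{name:9s} -> {action}")
```
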
