spf-discuss

Re: [spf-discuss] Re: SPF queries by a newbie

2006-11-13 20:10:44
On Tue, 14 Nov 2006, Jon Grant wrote:

> Where does the blacklist of domains and IPs come from?

Currently, blacklist comes from CBVs and DSNs that bounce or are rejected (yes,
RFC2821 forbids bouncing a DSN, but MTAs do it anyway), and from manually added
domains or emails or IPs.

Whitelist comes from recipients of outgoing email, plus manually added
domains and addresses.

Automatic white/black list entries have time stamps and expire after a
while (configurable, default 30 days).

> Can I add my own blacklisted From: user(_at_)host(_dot_)com to be Rejected
> with 554 as well?

Yes.  Currently, by editing a text file.  Lame - need to add a CGI web page.

> So if they put "HELO gmail.com" will that get through even though they
> don't have Reverse DNS set up on their IP?

Only if gmail.com resolves to their connect IP.  Which it won't for a spammer
unless they have managed to spoof one of gmail's IPs.

> Sorry, what's a DSN?

Delivery Status Notification - a message from an MTA with an empty
MAIL FROM (i.e. <>).  The empty MAIL FROM is supposed to signal the
recipient that the message is an auto-response to an earlier message, and
that there should be no bounce in return to prevent mail loops.  Typical
DSNs are things like "we tried to deliver your message for 5 days, but
now we are giving up".  Or in the case of pymilter, "your message was
quarantined because it looked spammy".

> Do you ever do a Reject 554 on emails determined spam by Bayesian or
> statistically likely to be spam? or having a gif attachment etc?

No.  They are quarantined.  But if the DSN is rejected, then the spam
is rejected (and the sender blacklisted).  Most spams are rejected before
getting quarantined.

> Is that an automated email to the user, asking them to confirm they are
> a person and not a spam bot etc?  I'm not fond of these, I wrote about
> the problems with auto-responder solutions on my weblog:
> http://jguk.org/2005/blog_2005_06_01_auto_responder_anti_spam.html

No, it is a DSN.  No action is required of the sender, other than
possibly phoning the recipient to check quarantine, emailing postmaster,
or publishing SPF so they won't get DSNs from joe jobs from those like us
who check SPF.  We also remember who we send DSNs to and limit it
to once a month (configurable).

Also, because it is a DSN, it is easy to automatically ignore without
SPF by using SRS, BATV, SES or other MAIL FROM signing schemes.  (Not that
many email setups take this simple step - which is why we rate limit the
DSNs.)

Automated response emails would not be a problem if they were actual DSNs as
required by rfc2821.  It is when rfc ignorant autoresponder emails have MAIL
FROMs like normal emails that it becomes a new source of spam.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
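
An added example, not part of the original message and not pymilter's code:
a simplified BATV-style check showing how a signed MAIL FROM lets a site
ignore DSNs for mail it never sent.  The tag layout, SECRET, LIFETIME_DAYS
and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: per-site secret, made up here
LIFETIME_DAYS = 7                   # assumption: how long a signed address stays valid


def _tag(day, addr):
    """First 3 bytes of HMAC-SHA1 over expiry day + original address, as hex."""
    msg = f"{day:03d}{addr.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]


def sign_mail_from(addr, today):
    """Rewrite the outgoing MAIL FROM; `today` is days since the epoch."""
    day = (today + LIFETIME_DAYS) % 1000
    return f"prvs={day:03d}{_tag(day, addr)}={addr}"


def accept_rcpt(mail_from, rcpt_to, today):
    """Decide on RCPT TO. Only DSNs (empty MAIL FROM) must carry a valid tag."""
    if mail_from not in ("", "<>"):
        return True                      # ordinary mail: not this check's job
    if not rcpt_to.startswith("prvs="):
        return False                     # DSN to an address we never signed
    try:
        tagval, addr = rcpt_to[5:].split("=", 1)
        day = int(tagval[:3])
    except ValueError:
        return False                     # malformed tag
    expected = _tag(day, addr).encode()
    if len(tagval) != 9 or not hmac.compare_digest(tagval[3:].encode(), expected):
        return False                     # forged or altered tag
    # Expiry is stored modulo 1000 days; valid while 0..LIFETIME_DAYS days remain.
    return (day - today) % 1000 <= LIFETIME_DAYS
```

A DSN caused by a joe job is addressed to the bare, unsigned address and is
refused at RCPT TO, while a DSN for mail the site really sent comes back to
the signed address and is accepted until the tag expires.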
