spf-discuss

Re: [spf-discuss] SPF TXT Questions re Effectiveness

2006-11-20 10:26:35
On Mon, 20 Nov 2006 17:41:57 +0100 Alex van den Bogaerdt 
<alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net> wrote:
On Sun, Nov 19, 2006 at 08:58:56PM -0500, George Hitz wrote:

    I am still receiving "bounced" e-mail messages which are sent to
    <various alpha strings>@hitz.org so that would indicate
    someone is still able to send out spam using my domain, yes?
    Should this still be happening?

I have seen reports that this will, eventually, go away because your
domain isn't interesting to spammers anymore when you publish an SPF
record.


    As can be seen, the question and its answer occurred on
    November 2nd.  I am STILL receiving bounced e-mail
    notifications sent to me with what appears to be machine 
    generated four and five character alpha user names (random, 
    senseless names) @hitz.org.  My "catch-all" account receives
    them.

Yes.  I wasn't thinking about two weeks when I wrote "eventually".

In my case, IIRC, it took about 2 months for my spammer to move on.  Based 
on reports here and spf-help, it appears to me that some spammers are not 
deterred by an SPF record, but most are.

I also told you that SPF is for receivers, so that they know it
was you, and that SES et al is for senders (like you) to protect
yourself against bounces.

This is a more complete solution, but more difficult for non-technical 
domain owners.

    This process is quite difficult for me to get my hands
    (and mind) around to understand just what is going on.

If you still think that SPF is a solution against bounces, I really
urge you to read our conversation again.  I have told you that your
expectations are wrong.

I'd say expectations are too much, but having hope is not unreasonable.  It's 
worked out well for a number of us.

One more try:

SPF:  receivers can know the message is a forgery, and will thus not
complain to you about those blue pill messages.

SES:  senders, like you, are signing outgoing mail.  When someone
sends a bounce, you can see if that bounce was a result of a legitimate
message or not.

Why does SPF exist: because it is lightweight and saves computing power.
If a message is a forgery, why waste time computing cookies or doing
blacklist lookups?

Yes and, as a side benefit, if SPF rejects impede the delivery of the 'blue 
pill' messages, the sender of such messages may move on and pick on someone 
else.

Scott K
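
Added example, not part of the original message and not the actual SES address format: a simplified HMAC scheme showing how a sender who signs the envelope sender of outgoing mail can later tell a bounce for a real message from backscatter caused by a forged sender. The key, the `sig=` layout, the function names and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: per-domain secret known only to the sender
MAX_AGE_DAYS = 7                   # assumption: bounces older than this are not accepted


def _tag(local, domain, day):
    """Short HMAC over the day stamp and the original address."""
    msg = f"{day}:{local}@{domain}".lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def _today(now):
    """Day counter modulo 1000, so the stamp always fits in three digits."""
    return int((time.time() if now is None else now) // 86400) % 1000


def sign_sender(address, now=None):
    """Rewrite the envelope sender used on outgoing mail (hypothetical layout)."""
    local, domain = address.rsplit("@", 1)
    day = _today(now)
    return f"sig={day:03d}={_tag(local, domain, day)}={local}@{domain}"


def check_bounce(rcpt, now=None):
    """Classify the recipient address of an incoming bounce.

    'valid'   - we signed this address recently, so the bounce is for our mail
    'expired' - genuine signature, but older than MAX_AGE_DAYS
    'forged'  - unsigned or bad signature: the bounced message was not ours
    """
    local_part, _, domain = rcpt.rpartition("@")
    parts = local_part.split("=", 3)
    if len(parts) != 4 or parts[0] != "sig":
        return "forged"
    stamp, tag, local = parts[1], parts[2], parts[3]
    if len(stamp) != 3 or not (stamp.isascii() and stamp.isdigit()):
        return "forged"
    day = int(stamp)
    expected = _tag(local, domain, day)
    # Constant-time comparison; compare bytes so odd input cannot raise.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "forged"
    age = (_today(now) - day) % 1000
    return "valid" if age <= MAX_AGE_DAYS else "expired"
```

A catch-all mailbox that only accepts bounces whose recipient passes `check_bounce` would drop bounces addressed to random, never-signed local parts at the domain.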
