spf-discuss

RE: [spf-discuss] SPF TXT Questions re Effectiveness

2006-11-22 18:46:58
On Wed, 22 Nov 2006, Seth Goodman wrote:

Stuart D. Gathman wrote on Wednesday, November 22, 2006 4:54 PM -0500:

It's when I'm sending a real DSN as the CBV, because a message
is quarantined, for instance, and SPF is none/neutral/pass.

You've sent them a DSN for mail that you've quarantined, presumably
because of a SpamAssassin or virus scan result, and SPF leads you to
believe the return-path is valid.  It's a real DSN with a message
body.  If they send you a DSN because they couldn't deliver your DSN,
after accepting it for delivery, they're creating a mail loop and it
is reasonable to blacklist them.

Does that describe the situation?

Yes, except I'm mostly interested in the fact that the original sender 
doesn't actually exist so I can immediately reject them from now on.  I don't
care as much about the mail loop aspect (although detecting lame DSNs is
important for that too).

All real DSNs contain the original sender, SRS signed, in multiple
header fields, so that lame failure DSNs that are sent instead of
rejecting can let me blacklist the original sender.

It never continues to amaze me how hard you have to work in order to
protect yourself from misconfigured systems.

I spend way too much time on it.  But all our clients are used to 
spam free mailboxes now.  Since email addresses are freely published,
the spam/ham ratio is approaching 1000 to 1 - the vast majority of
which are rejected immediately.  Every week or so, someone
responds to a DSN with email to postmaster asking for help in getting set up
with SPF - or at least a valid HELO name ("Oh, so *that's* what you're
supposed to put in that field...").

In the case of one client, his 400MHz MTA could barely handle the load of
2 million (that's right, 2 *million*) spams per day.  Legitimate mail
was getting delayed up to 16 hours (I installed rate limiting on incoming
port 25 to let it function at all). So we contracted with spamsoap.com to get
rid of the lion's share of the junk.

Before spamsoap, we signed up with a local company who shall remain
nameless.  We told them we were getting 2 million spams a day.  They said, "No
problem!  We'll take care of the spam for you!".  They apparently didn't really
believe us, because as soon as I switched the MX records, they called up mad as
hell.  "You're swamping our servers with spam!  We are shutting you off
immediately, you $^%&*$#!" Right.  Like we shouldn't have believed their
advertising ...  I guess they had never seen such spam volume before and
panicked.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735
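
The signed-sender idea described in the message above (embed the original sender, signed, in every real DSN so that a failure DSN sent back instead of a reject identifies whom to blacklist), as an added example that is not part of the original post or the poster's software. The token is a simplified SRS0-style format that is not wire-compatible with real SRS; the key, domain, age limit, header names and sample addresses are assumptions.

```python
import hashlib, hmac, re

SECRET = b"constructed-demo-secret"   # assumption: per-site signing key
OUR_DOMAIN = "mx.example.org"         # assumption: domain that sends the DSNs
MAX_AGE_DAYS = 14                     # assumption: how long a token stays valid

def _tag(body: str) -> str:
    # Truncated HMAC over "day=domain=local", case-folded like an address.
    return hmac.new(SECRET, body.lower().encode(), hashlib.sha1).hexdigest()[:8]

def sign_sender(addr: str, day: int) -> str:
    """Wrap the original envelope sender in an SRS0-style signed token."""
    local, domain = addr.rsplit("@", 1)
    body = f"{day}={domain}={local}"
    return f"SRS0={_tag(body)}={body}@{OUR_DOMAIN}"

def verify_token(token: str, today: int):
    """Return the original sender if the token is ours and fresh, else None."""
    try:
        left, _ = token.rsplit("@", 1)
        prefix, tag, day, domain, local = left.split("=", 4)
        age = today - int(day)
    except ValueError:
        return None
    if prefix != "SRS0" or not 0 <= age <= MAX_AGE_DAYS:
        return None
    expected = _tag(f"{day}={domain}={local}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None                   # forged or altered token: do not blacklist
    return f"{local}@{domain}"

def build_dsn_headers(orig_sender: str, day: int) -> str:
    """Put the signed sender in more than one header (hypothetical names)."""
    token = sign_sender(orig_sender, day)
    return (f"From: postmaster@{OUR_DOMAIN}\nTo: {orig_sender}\n"
            f"X-Original-Sender: {token}\nReferences: <{token}>\n")

TOKEN_RE = re.compile(r"SRS0=[0-9a-f]{8}=\d+=[^\s<>@]+@" + re.escape(OUR_DOMAIN))

def sender_to_blacklist(bounce_text: str, today: int):
    """Scan a returned failure DSN; name a sender only on a valid signature."""
    for m in TOKEN_RE.finditer(bounce_text):
        sender = verify_token(m.group(0), today)
        if sender:
            return sender
    return None
```

Because the signature is checked before anything is blacklisted, a third party cannot get an arbitrary address blocked by sending a crafted bounce.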