spf-discuss

RE: [spf-discuss] Useful SPF results

2006-12-04 22:46:26
Stuart D. Gathman wrote on Monday, December 04, 2006 7:20 PM -0600:

> The problem is that a spam from example.com with SPF neutral does not
> let me blacklist example.com with confidence.  Example.com might be
> a joe job victim that has yet to publish an SPF record.

OK, I see what you're saying: no SPF pass, no domain-based anything.  To
get SPF neutral/none, the spam either comes from:

1) any IP, claiming a domain with no SPF record, or

2) a designated mailer with a neutral SPF result.

The recipient must treat both cases the same.  A reasonable action is to
blacklist by IP and expect collateral damage.  When a recipient checks
SPF:

   SPF result       action
   -------------    ------------------------------------------
   pass             use domain and IP reputation
   fail             reject (put fingers in ears, say la-la-la)
   no SPF record    use IP reputation
   neutral          use IP reputation

If a domain designates its shared host as neutral, recipients have still
applied IP reputation right after establishing the TCP connection, and
they will terminate the connection if it is unfavorable, no matter what
SPF says.  Even though the sender says they don't trust their provider's
host, they are still stuck with its reputation.  Is this materially
different from designating the host as permitted?  I suppose if a
spammer sharing your host targets your domain, you are better off with
the host IP reputation, which you get by designating the host with SPF
neutral.  This will cause other customers' forgeries of your domain from
that host, as well as your own legitimate mail, to be more deliverable.

The question here is whether it is a bad thing for others' forgeries of
your domain on your shared host to count against your domain reputation?
While I don't like the idea of letting the operator of a shared host off
more easily when they permit cross-customer forgery, that's really
between the host operators and their customers.  This is not the answer
I hoped for, but it is probably the best you can do on a shared host
that does not actively prevent cross-customer forgery.

--
Seth Goodman

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to http://v2.listbox.com/member/?list_id=735
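The policy table above and the shared-host argument that follows it can be made concrete by evaluating a few SPF records against a forging IP and then applying the table. The block below is an added example, not code from the thread, from Seth Goodman or from the SPF project: it implements only the ip4/ip6/all mechanisms with the four qualifiers (enough to show "+" versus "?" on a shared host), and the domain names, addresses, records and reputation values are constructed. It goes slightly beyond the message by also handling softfail (~), which it treats like neutral, and by showing explicitly that only a pass lets a message feed the domain's reputation.

```python
"""Added example (not from the spf-discuss thread): a minimal SPF evaluator
plus the recipient policy table from the message.  No DNS is consulted;
records, addresses and reputations below are constructed for the demo."""
import ipaddress

# Constructed sample records keyed by domain.  Both customers share the
# host block 203.0.113.0/24; one designates it '+' (pass), the other '?'.
RECORDS = {
    "trusting.example": "v=spf1 ip4:192.0.2.10 +ip4:203.0.113.0/24 -all",
    "cautious.example": "v=spf1 ip4:203.0.113.0/24 ip4:192.0.2.10 -all"
                        .replace("ip4:203", "?ip4:203"),
    # "norecord.example" is deliberately absent: SPF result "none".
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain: str, ip: str, records=RECORDS) -> str:
    """Evaluate the ip4/ip6/all mechanisms of a record for a connecting IP.

    Returns pass / fail / softfail / neutral / none / permerror.  Mechanisms
    that would need DNS (a, mx, include, ...) are out of scope here and
    yield permerror rather than a guessed answer."""
    record = records.get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        else:
            return "permerror"               # DNS-based mechanism, unsupported
    return "neutral"                         # nothing matched, no 'all' term


def attribute_to_domain(spf_result: str) -> bool:
    """Only an SPF pass ties the message to the domain's reputation.

    This is the message's point: forgeries from a shared host that the
    domain lists with '?' stay off the domain's record, good or bad."""
    return spf_result == "pass"


def recipient_action(spf_result: str, ip_reputation: str,
                     domain_reputation: str) -> str:
    """The policy table from the message, with reputations as 'good'/'bad'.

    IP reputation is applied first, as a recipient would right after the
    TCP connection, regardless of what SPF later says."""
    if ip_reputation == "bad":
        return "reject-at-connect"
    if spf_result == "fail":
        return "reject"
    if spf_result == "pass":
        return "reject" if domain_reputation == "bad" else "accept"
    # none / neutral / softfail: IP reputation only, already found good.
    return "accept"


if __name__ == "__main__":
    shared_host_ip = "203.0.113.7"           # a neighbour on the shared host
    for domain in ("trusting.example", "cautious.example", "norecord.example"):
        result = check_spf(domain, shared_host_ip)
        print(f"{domain:18} forged from {shared_host_ip}: {result:8} "
              f"counts against domain: {attribute_to_domain(result)}")
```

Run as a script it prints the three cases side by side: the "+" customer's forgery passes and lands on the domain's reputation, the "?" customer's forgery is neutral and is judged on the host IP alone, and the domain without a record is treated the same as neutral.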