spf-discuss
[Top] [All Lists]

[spf-discuss] Re: out of the starting gate, SPF is broke

2007-03-01 21:00:33
SPF is a tool, not a silver bullet.  Tools that are helpful are
often worthwhile even if they do not do the entire job.

-dgl-

bill ries-knight wrote:

I have been wondering for some time now on the true value of SPF in
the real world.  I feel that, out of the starting gate, SPF is broke.
The issue I have concerns about is the hiding of a company behind SPF
while "following the rules" to continue sending spam.  The continued
use of SPF by spammers to merely authenticate their servers.

That's not pointless.  Most spam (not your example) today uses forged
envelope sender addresses.  If you don't reject it immediately you're
forced to either drop it later (bad if it was legit mail, also known as
false positive), or to bounce it later (bad if the envelope sender was
bogus, you'd hit innocent bystanders with your bounces).

For your example (SPF PASS turns out to be spam) you can bounce it
later, it won't hit an innocent bystander.  Based on the SPF PASS you
can accept the "mail or spam", and use more expensive checks _behind_
your MX (e.g. on a separate box), because you know that bounces would
work.

In theory you could also note PASSing domains sending spam as "known
spammer", a kind of mini-reputation system.  But I doubt that this 
makes sense for something like rmcdcjrgqb(_at_)yarnbasketball(_dot_)com - it's
a typical "Leo" domain name.

An SPF PASS from an unknown stranger isn't much, but it's still more
than nothing, it gives you the time for post-SMTP checks.

Frank


-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735

<Prev in Thread] Current Thread [Next in Thread>
  • [spf-discuss] Re: out of the starting gate, SPF is broke, Don Lee <=