
[spf-discuss] Re: TENBOX/E as an AUTH type

2007-04-08 14:04:41
Stuart D. Gathman wrote:

If forwarders don't reject SPF FAIL and keep the forged mail from as
is they are by definition spam supporters, and the next hop better
rejects this crap.  One of us needs more coffee, is it again me ?

Big ISPs don't have the luxury, but I simply only use forwarders that
properly authenticate (mainly because I run the forwarders :-).

However, there are "forwarders" on my list for braindead web service
companies that forge someone else's MAIL FROM.  Since they don't forward,
but only send alerts, they are not relaying spam, and I just pretend
they are actually "forwarding".

Makes sense, but it's not unheard of to get this right.  Heise.de (German
variant of /.) allows readers to send articles to hopefully interested
parties:

| Return-path: <www(_at_)heise(_dot_)de>
| Delivery-date: Sun, 08 Apr 2007 22:36:16 +0200
| Received: from [194.97.50.135] (helo=mx2.freenet.de)
|         by mbox62.freenet.de with esmtpa (ID exim) (Exim 4.67 #3)
|         id 1Hae7S-0004zp-3C
|         for
[...truncated...]
| From: nobody(_at_)xyzzy(_dot_)claranet(_dot_)de
| Sender: nobody(_at_)xyzzy(_dot_)claranet(_dot_)de
| Reply-To: nobody(_at_)xyzzy(_dot_)claranet(_dot_)de
[...]
| X-Remote-IP: 213.221.75.89
| Subject: heise online: Anti-Spam-Kongress: Strafverfolger sind gefordert
| Message-Id: <E1Hae7P-0004tY-NJ(_dot_)octo20(_at_)web(_dot_)heise(_dot_)de>
[...]
|
| This news item from the heise online news ticker was sent to you by
| "nobody(_at_)xyzzy(_dot_)claranet(_dot_)de". Please note that the
| sender information is not verified. If you have doubts about the
| authenticity of the sender, please ignore this e-mail.
| ------------------------------------------------------------------------
| Test
| ------------------------------------------------------------------------
|
| 05.09.2006 16:21
|
| Anti-Spam Congress: Law enforcement is called upon
|
| Technically, spammers, scammers and phishers cannot be
[...]
| SpamSpot partner Microsoft has, according to Craig Spiezle, by now
| initiated around 250 proceedings against spammers. The Microsoft
| manager (Director Windows Live Strategy) emphasized in Cologne the
| "very good results" of the Sender ID Framework/SPF[8]. Just under 40
| percent of the legitimate e-mail arriving at Hotmail uses the IP
| address entries stored in DNS to authenticate its mail servers,
| Spiezle told heise online.
[...]
| URL of this article:
|   http://www.heise.de/newsticker/meldung/77755
[...]

And GMX, a big email provider in at / ch / de (but no longer limited to
email today) not only publishes SPF FAIL, they also allow their users
to reject FAIL.  Admittedly in an "advanced" part of their config menu,
rejecting FAIL is not their default (but I guess they use it anyway to
improve their default spam rejection results).

Like almost all mail providers I've tested they offer automatic POP3
polls to collect mails from other providers (with that it's unnecessary
to forward mails to a new account).

For a big ISP, the list of trusted forwarders is *per user*. So if
the user picks a braindead forwarder, the forged spam goes in their
mailbox.

Okay, but we're talking about a new protocol allowing to improve this
situation without SRS (or the mentioned POP3 polling).  This protocol
doesn't need to rehash kludges working without SPF, it can build on
SPF by requiring HELO policies for a hypothetical "AUTH SPFHELO" SASL
mechanism (example).  BTW, RFC 2554bis was just approved, it's waiting
for its number now.

Frank
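
The receiver-side policy discussed in this thread (a per-user list of trusted forwarders, plus a per-user opt-in to reject SPF FAIL), sketched as an added example that is not part of the original message or of any provider's code. The user names, networks, the `USERS` table and the `decide` function are hypothetical; the SPF result for MAIL FROM is assumed to have been computed already and is passed in as a lowercase string.

```python
import ipaddress

# Constructed sample configuration (documentation address ranges).
# "forwarders": networks this user has declared as their own forwarders.
# "reject_fail": per-user opt-in; off by default, as described for GMX.
USERS = {
    "alice@example.net": {"forwarders": ["192.0.2.0/28"], "reject_fail": True},
    "bob@example.net": {"forwarders": [], "reject_fail": False},
    "carol@example.net": {"forwarders": ["2001:db8:1::/48"], "reject_fail": True},
}


def is_trusted_forwarder(rcpt, client_ip):
    """True if client_ip is inside one of this recipient's forwarder networks."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparsable peer address is never trusted
    nets = USERS.get(rcpt, {}).get("forwarders", [])
    return any(ip in ipaddress.ip_network(n) for n in nets)


def decide(rcpt, client_ip, spf_mailfrom):
    """Return (action, reason) for one recipient of one SMTP transaction."""
    if is_trusted_forwarder(rcpt, client_ip):
        # The forwarder kept the original MAIL FROM, so its IP cannot match
        # the sender's SPF record; a FAIL here says nothing about the mail.
        return ("accept", "trusted forwarder for this user, SPF result ignored")
    if spf_mailfrom == "fail" and USERS.get(rcpt, {}).get("reject_fail", False):
        return ("reject", "SPF fail and user opted in to rejecting FAIL")
    return ("accept", "no per-user reason to reject (SPF: %s)" % spf_mailfrom)


if __name__ == "__main__":
    for args in [
        ("alice@example.net", "192.0.2.5", "fail"),      # via her forwarder
        ("alice@example.net", "198.51.100.7", "fail"),   # direct, forged
        ("bob@example.net", "198.51.100.7", "fail"),     # did not opt in
        ("carol@example.net", "2001:db8:1::25", "fail"), # IPv6 forwarder
    ]:
        print(args, "->", decide(*args))
```

Because the list is per user, the same connecting IP can be a trusted forwarder for one recipient and an ordinary (rejectable) sender for another.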

