At 11:54 AM 10/20/2008 -0400, Stuart D. Gathman wrote:
> On Sat, 18 Oct 2008, David MacQuigg wrote:
>
> > > Senders change their IPs. If they have an SPF record, this is transparent.
> > > For important senders with no SPF record, I can create a local one manually
> > > to positively identify them.
> >
> > How many of these records do you maintain? How much time does it take?
>
> Currently 90. Very little time. Most senders are handled by the
> default best guess - "v=spf1 a/24 mx/24 ptr". The local records are treated as
> alternate "best guess" policies. For example:
>
> $ORIGIN _spf.bmsi.com.
> fedoraproject.org IN TXT "v=spf1 ptr:redhat.com ?all"

This is basically the same strategy I am following - best guess blocks around
known good addresses, and quarantine for the rest.

This strategy does not "positively identify" a sender, however. Recently, I
saw a bunch of messages from yahoo.com going to quarantine. A little research
showed that they had started using transmitters from akamai.com, so I added all
of Akamai's blocks, and now things are back to "normal" with Yahoo, at least
until they add some more blocks somewhere else. This is too much labor, and
too unreliable for a long-term solution that might include thousands, or even
millions of domains.

Long-term, we need a way to motivate senders like Yahoo to publish their
authorized IP addresses. We cannot reject their messages, but we can send an
SMTP reject with a message like: "Sorry! We cannot guarantee delivery of this
message. yahoo.com does not offer sufficient authentication to prevent forgery.
We will run it through our spam filter, and keep it in our quarantine, but the
recipient may not read it."

I think most senders will comply after seeing a large number of these messages.
Yahoo may be special, however, since they have a vested interest in a
competing protocol. We've got to sell the idea that it's not either-or, but
*both* protocols are needed.
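
Added example, not part of the original message and not either poster's code: a minimal evaluator for the best-guess policy and the local record quoted above, run against constructed DNS data. The lookup tables, the host names in them, and the precedence (local record first, then the default guess) are assumptions.

```python
import ipaddress

# Constructed DNS data (RFC 5737 documentation addresses); a real filter would query DNS.
A = {"example.org": ["192.0.2.10"], "mx.example.org": ["198.51.100.5"],
     "relay.redhat.com": ["203.0.113.7"]}            # hypothetical host name
MX = {"example.org": ["mx.example.org"]}
PTR = {"203.0.113.7": ["relay.redhat.com"], "203.0.113.99": ["relay.redhat.com"]}

DEFAULT_GUESS = "v=spf1 a/24 mx/24 ptr"               # default quoted in the message
LOCAL = {"fedoraproject.org": "v=spf1 ptr:redhat.com ?all"}   # local record from the message

def in_net(ip, hosts, bits):
    """True if ip lies in the /bits network around any A record of any host."""
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(f"{a}/{bits}", strict=False)
               for h in hosts for a in A.get(h, []))

def ptr_match(ip, target):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to ip and sit under target."""
    return any(ip in A.get(name, []) and (name == target or name.endswith("." + target))
               for name in PTR.get(ip, []))

def evaluate(policy, ip, domain):
    """Evaluate the SPF subset used here: a, mx, ptr, all, with optional :domain and /N."""
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in policy.split()[1:]:                   # skip the "v=spf1" version tag
        qual = term[0] if term[0] in results else "+"
        mech, _, bits = term.lstrip("+-~?").partition("/")
        name, _, target = mech.partition(":")
        target, bits = target or domain, int(bits or 32)
        hit = {"a": lambda: in_net(ip, [target], bits),
               "mx": lambda: in_net(ip, MX.get(target, []), bits),
               "ptr": lambda: ptr_match(ip, target),
               "all": lambda: True}[name]()
        if hit:
            return results[qual]
    return "neutral"                                  # nothing matched: sender not identified

def best_guess(ip, domain):
    """For a sender with no published SPF record: local record if present, else the default."""
    return evaluate(LOCAL.get(domain, DEFAULT_GUESS), ip, domain)
```

A sender that moves to a network outside the guessed /24 blocks, or whose PTR name does not resolve back to the connecting address, comes out as "neutral" rather than "pass", which is the case that lands in quarantine in the discussion above.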