
Re: [spf-discuss] Yahoo mail and Gmail policy explanation?

2011-02-09 19:32:45
On Thu, 10 Feb 2011, Martin Jericho wrote:

> Neither yahoo mail nor gmail seem to reject incoming mail if there is no DNS
> record at all for the envelope sender address, allowing spammers to just use
> completely fake domains.
>
> Does anyone know why they might choose to have that policy? Is there any
> legitimate reason for allowing incoming mail from a fake domain? It doesn't
> even get blocked when you turn on the spam filter!

Believe it or not, there are countless clueless, but otherwise "legitimate"
senders who can't get basic things like HELO or MAIL FROM right (much
less SPF).  Our customers get such mail rejected from their customers every
month or so.  We immediately search the logs, find what brainless thing their
customer is doing, attempt to send mail to postmaster (which usually fails,
because they are after all clueless), and add a special "whitelist" (like
"accept mail from invalid domain email-clueless.com" and hope spammers don't
use it).

Free email outfits like yahoo or gmail simply can't afford to offer this
kind of email tech support.  Their system has to be entirely self-serve.
Statistically routing mail to a "spam" folder is something end users
can handle on their own when it doesn't do what they want.  Diagnosing
what idiotic thing this particular sender did, and constructing
a complex whitelist to work around it is not something end users can handle.
It is *not* as simple as "whitelist this email" when the domain is invalid
or forged.

If there was a particular email, then a "Whitelist" button could run
heuristics to identify common sender problems and apply standard workarounds.
But if there was an email, then our customer would not be complaining!
The first problem is *finding* what random invalid domain the stupid
sender is trying to use in the log.  In the case of my church, for instance,
they simply had a typo in their MTA config for the MAIL FROM (and
they rewrote the MAIL FROM of all client submissions with the wrong domain).

If people would just send a test email to something like 
spf-test(_at_)openspf(_dot_)org
after configuring their server, things would be so much easier.
It would also be nice if they tested their SPF record on openspf.org
before publishing it.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
