There is still a point, because although some ESPs may not block
forged/non-existent domains, many mail servers do, more and more.
And more and more use SPF as an indicator toward spam (which is often
forgery) or not.
So having an SPF record can help your domain get successful delivery.
And can help you from some forgery should it ever sneak up on you.
I am all for "do not fix something that is not broken",
but remember also that "an ounce of prevention is worth a pound of cure".
SPF may be that ounce of prevention.
Terry
Terry Fielder
terry(_at_)greatgulfhomes(_dot_)com
Associate Director Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
Fax: (416) 441-9085
On 2/10/2011 12:33 AM, Martin Jericho wrote:
Hi Stuart,
Thanks for your explanation - although I'm not convinced about the
reasoning.
If Google and Yahoo just allow email from invalid domains because
there are too many incorrectly configured sender mail servers,
wouldn't the same argument mean they also just ignore SPF because
there are so many incorrectly configured SPF records? From the
evidence I've seen they do check SPF records for real domains but just
let fake domains through without even marking them as spam.
If all mail servers did the sensible thing as mentioned here:
http://www.openspf.org/FAQ/Blocking_spam, and all domains had SPF
records, spammers would indeed have a hard time. The fact that Google
and Yahoo allow fake domains through really makes SPF completely
impotent as a weapon to fight spam. In the cartoon guide
(http://old.openspf.org/aspen.html) this would be represented by a
huge bell curve called "fake domains" that dwarfs the other two and is
a free ticket to spammers.
The fundamental question I'm trying to get at is:
Should I bother setting up and maintaining SPF records if my domains
are not currently suffering from any forged identity problems? I would
do it happily if it contributed to the internet community's fight
against spam, but unless major email service providers close the fake
domain loophole, there doesn't seem to be any point.
Cheers
Martin
----- Original Message -----
From: "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com>
To: <spf-discuss(_at_)listbox(_dot_)com>
Sent: Thursday, February 10, 2011 12:31 PM
Subject: Re: [spf-discuss] Yahoo mail and Gmail policy explanation?
On Thu, 10 Feb 2011, Martin Jericho wrote:
Neither yahoo mail nor gmail seem to reject incoming mail if there is no DNS
record at all for the envelope sender address, allowing spammers to just use
completely fake domains.
Does anyone know why they might choose to have that policy? Is there any
legitimate reason for allowing incoming mail from a fake domain? It doesn't
even get blocked when you turn on the spam filter!
Believe it or not, there are countless clueless, but otherwise "legitimate"
senders who can't get basic things like HELO or MAIL FROM right (much
less SPF). Our customers get such mail rejected from their customers every
month or so. We immediately search the logs, find what brainless thing their
customer is doing, attempt to send mail to postmaster (which usually fails,
because they are after all clueless), and add a special "whitelist" (like
"accept mail from invalid domain email-clueless.com" and hope spammers don't
use it).
Free email outfits like yahoo or gmail simply can't afford to offer this
kind of email tech support. Their system has to be entirely self-serve.
Statistically routing mail to a "spam" folder is something end users
can handle on their own when it doesn't do what they want. Diagnosing
what idiotic thing this particular sender did, and constructing
a complex whitelist to work around it is not something end users can
handle.
It is *not* as simple as "whitelist this email" when the domain is invalid
or forged.
If there was a particular email, then a "Whitelist" button could run
heuristics to identify common sender problems and apply standard
workarounds.
But if there was an email, then our customer would not be complaining!
The first problem is *finding* what random invalid domain the stupid
sender is trying to use in the log. In the case of my church, for instance,
they simply had a typo in their MTA config for the MAIL FROM (and
they rewrote the MAIL FROM of all client submissions with the wrong domain).
If people would just send a test email to something like
spf-test(_at_)openspf(_dot_)org after configuring their server, things would
be so much easier.
It would also be nice if they tested their SPF record on openspf.org
before publishing it.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed:
https://www.listbox.com/member/archive/rss/735/20472388-958fad67
Modify Your Subscription: https://www.listbox.com/member/?&
Unsubscribe Now:
https://www.listbox.com/unsubscribe/?&&post_id=20110209203212:93B6D168-34B5-11E0-BF88-9E0B634668CC
Powered by Listbox: http://www.listbox.com
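
The receiver-side decision discussed in this thread (reject a MAIL FROM whose domain does not resolve, allow an operator whitelist for known-broken senders, then apply SPF) can be sketched as follows. This is an added example, not code from any poster or from openspf.org. The `ZONE` table is a constructed stand-in for DNS, only the `ip4`/`ip6`/`all` mechanisms are evaluated, and the accept/reject policy choices are assumptions.

```python
import ipaddress

# Constructed stand-in for DNS lookups; a missing key models NXDOMAIN.
ZONE = {
    "example.org": {"MX": ["mail.example.org"],
                    "TXT": ["v=spf1 ip4:192.0.2.0/24 -all"]},
    "nospf.example": {"A": ["198.51.100.7"], "TXT": []},
}
# Hypothetical operator whitelist for known-broken senders.
WHITELIST_INVALID = {"email-clueless.com"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def sender_domain(mail_from):
    """Domain part of the envelope sender, or None for the null sender <>."""
    addr = mail_from.strip().strip("<>")
    return addr.rsplit("@", 1)[1].lower().rstrip(".") if "@" in addr else None

def spf_result(record, client_ip):
    """Evaluate ip4/ip6/all only; other mechanisms are skipped (assumption)."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = QUALIFIERS.get(term[0], "pass")
        mech = term[1:] if term[0] in QUALIFIERS else term
        if mech.lower() == "all":
            return qual
        if mech.lower().startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return qual
    return "neutral"

def check_mail_from(mail_from, client_ip, zone=ZONE):
    """Return (action, reason) for one SMTP MAIL FROM."""
    domain = sender_domain(mail_from)
    if domain is None:
        return ("accept", "null sender")  # HELO identity check not modelled
    rec = zone.get(domain)
    if rec is None or not (rec.get("MX") or rec.get("A")):
        if domain in WHITELIST_INVALID:
            return ("accept", "invalid domain, whitelisted")
        return ("reject", "sender domain does not resolve")
    spf = [t for t in rec.get("TXT", []) if t.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ("accept", "spf none")
    if len(spf) > 1:
        return ("accept", "spf permerror")
    result = spf_result(spf[0], client_ip)
    return ("reject" if result == "fail" else "accept", "spf " + result)
```

The whitelist branch is consulted only after resolution fails, so a whitelisted name bypasses every later check.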