[Dshield] Are you using spf records?

Martin Forest martin at forest.gen.nz
Sat Jan 7 06:36:40 GMT 2006

On Fri, 06 Jan 2006 14:56:58 +1300, Tom <dshield at oitc.com> wrote:

> So explain to me how your user who forwards email to someplace else
> can show sender reputation? It can't without rewriting headers which
> is a violation of ALL current RFCs concerning mail. You want sender
> reputation, sign all documents with PGP but this will not give it to
> you.

Depends on how you look at email. If you want to use email as in the "good
old days" before billions of people used it, well, then spam checking, SPF
etc. is more or less useless. However, for most business today, SMTP is the
only well used protocol for "batch mail". And I would _guess_ 90-95% of
all businesses only have one or two email servers, or very limited numbers of
them. When auditing email and spam, it is very rare to find an email that
has done more than 3 or 4 jumps! And in NZ for example, all business
email must be archived for a minimum of 7 years. If you send business email
from home, "spoofing" your corporate email address, you are violating the
law. If you want to send email from home, you should use your personal
email address (from the ISP or personal domain) and use _reply to_.

(PGP, hmm, was good a few years ago...)

> Martin, if it would really work the big boys in mail like outblaze
> (among others) would not pull support for SPF:
> http://www.merlesworld.com/webbbs/webbbs_config.pl?noframes;read=341

Sounds silly to me. All of it is trying to improve a flawed protocol. SPF
or something similar is only a short fix. What we need is a new mail
protocol that is backwards compatible for a transition period.

> And its worse if you're a little guy with a mailserver on BIGISP who
> closes your outbound port 25 and makes you use his mailservers for
> outbound "to protect from miss use" (true stories) because his public
> outbound servers/IPs are are not documented! Try to find list of
> verizon, sbc, bellsouth, etc outbounds let alone bt, hkcable, etc.

Not a problem. I can send on port 25 but for some reason, the subnet I'm
on is listed as dialup/dynamic on several RBL lists. :( So I relay with my
ISP's mail servers. That's why my SPF record includes my ISP's MX and mail server
subnets. And I will soonish change to -all as I have not seen any issues.

> What it all comes down to is that to deal with forwarding issues and
> use of unknown outbounds (and other issues as well) SPF just 1)
> doesn't hack it and 2) would force major changes in RFCs with little
> return on the necessary massive worldwide investment.

Having emails take "unknown" routes is like having a mail system that
may or may not deliver! These ISPs you are talking about, are they as
keen to filter hacking, attacks, spam...? If so, I wish we had some of
them in NZ! The more crap that our ISPs let through, the more money they
make, as almost all internet traffic is charged per meg. :( Needless to say
that they love spam bots, DoS attacks etc.
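The SPF setup discussed above (an organisation's own MX plus an `include:` of the ISP's sending subnets, closed with `-all`) and the forwarding failure Tom raises, as an added example that is not part of the post or of any SPF library: a minimal SPF evaluator over a constructed, offline DNS table (the domains and addresses are hypothetical; only `ip4`, `mx`, `include` and `all` are handled).

```python
import ipaddress

# Constructed stand-in for DNS lookups (hypothetical names and addresses),
# so the evaluator runs offline. Real resolvers would be queried instead.
DNS = {
    "txt": {
        "example.co.nz": "v=spf1 mx include:_spf.isp.example -all",
        "_spf.isp.example": "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.8/29 -all",
    },
    "mx": {"example.co.nz": ["mail.example.co.nz"]},
    "a": {"mail.example.co.nz": ["192.0.2.25"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate the SPF record of `domain` for the connecting `sender_ip`.

    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'.
    """
    if depth > 10:                      # guard against include: loops
        return "permerror"
    record = DNS["txt"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                   # no SPF policy published
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qual = "+"                      # mechanisms default to "pass"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        result = QUALIFIERS[qual]
        if mech == "all":               # catch-all: -all rejects everything else
            return result
        if mech == "ip4" and ip in ipaddress.ip_network(arg, strict=False):
            return result
        if mech == "mx":                # any A record of the domain's MX hosts
            for host in DNS["mx"].get(arg or domain, []):
                if sender_ip in DNS["a"].get(host, []):
                    return result
        if mech == "include" and check_spf(arg, sender_ip, depth + 1) == "pass":
            return result               # only a "pass" inside the include counts
    return "neutral"                    # no mechanism matched, no "all" present
```

A message relayed through the ISP's subnet or the organisation's own MX passes; the same message re-sent by a third-party forwarder's host fails the `-all`, which is exactly the forwarding case the thread argues about.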