[Dshield] Are you using spf records?
martin at forest.gen.nz
Sat Jan 7 06:36:40 GMT 2006
On Fri, 06 Jan 2006 14:56:58 +1300, Tom <dshield at oitc.com> wrote:
> So explain to me how your user who forwards email to someplace else
> can show sender reputation? It can't without rewriting headers which
> is a violation of ALL current RFCs concerning mail. You want sender
> reputation, sign all documents with PGP but this will not give it to
Depends on how you look at email. If you want to use email as in the "good
old days" before billions of people used it, well, then spam checking, SPF
etc. is more or less useless. However, for most business today, SMTP is the
only well used protocol for "batch mail". And I would _guess_ 90-95% of
all business only have one or two email servers, or very limited numbers of
them. When auditing email and spam, it is very rare to find an email that
has done more than 3 or 4 jumps! And in NZ for example, all business
email must be archived for a minimum of 7 years. If you send business email
from home, "spoofing" your corporate email address, you are violating the
law. If you want to send email from home, you should use your personal
email address (from the ISP or personal domain) and use _reply to_.
(PGP, hmm, was good a few years ago...)
> Martin, if it would really work the big boys in mail like outblaze
> (among others) would not pull support for SPF:
Sounds silly to me. All of it is trying to improve a flawed protocol. SPF
or something similar is only a short fix. What we need is a new mail
protocol that is backward compatible for a transition period.
> And it's worse if you're a little guy with a mailserver on BIGISP who
> closes your outbound port 25 and makes you use his mailservers for
> outbound "to protect from misuse" (true stories) because his public
> outbound servers/IPs are not documented! Try to find a list of
> verizon, sbc, bellsouth, etc outbounds let alone bt, hkcable, etc.
Not a problem. I can send on port 25 but for some reason, the subnet I'm
on is listed as dialup/dynamic on several RBL lists. :( so I relay with my
ISP's mail servers. That's why my SPF includes my ISP's MX and mail server
subnets. And I will soonish change to -all as I have not seen any issues.
> What it all comes down to is that to deal with forwarding issues and
> use of unknown outbounds (and other issues as well) SPF just 1)
> doesn't hack it and 2) would force major changes in RFCs with little
> return on the necessary massive worldwide investment.
Having emails take "unknown" routes is like having a mail system that
may or may not deliver! These ISPs you are talking about, are they as
keen to filter hacking, attacks, spam...? If so, I wish we had some of
them in NZ! The more crap that our ISPs let through, the more money they
make as almost all internet traffic is charged per Meg. :( Needless to say
that they love spam bots, DoS attacks etc.
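The thread argues over two concrete SPF behaviours: a record that lists the corporate MX plus an `include:` of the ISP's relay subnets with `-all` (Martin's setup), and the forwarding case where a mail is re-sent from a host the sender's domain never authorised (Tom's objection). The evaluator below is an added example written for this page, not code from either poster or from any SPF library. It implements the `ip4`, `a`, `mx`, `include` and `all` mechanisms with the four qualifiers over a small constructed DNS table; every domain name and IP address in it is made up (documentation ranges), and no real DNS lookups are done.

```python
import ipaddress

# Constructed DNS data for the example (not real zones). The corporate domain
# authorises its own MX and, via include:, its ISP's relay subnet, then says
# -all. A second domain shows the softer ~all ending for comparison.
DNS = {
    "example.co.nz": {
        "TXT": ["v=spf1 mx include:_spf.isp.example -all"],
        "MX": ["mail.example.co.nz"],
    },
    "mail.example.co.nz": {"A": ["203.0.113.10"]},
    "_spf.isp.example": {"TXT": ["v=spf1 ip4:198.51.100.0/24 -all"]},
    "soft.example": {"TXT": ["v=spf1 ip4:203.0.113.0/24 ~all"]},
    # A third party that forwards mail on without changing the envelope sender.
    "forwarder.example": {"A": ["192.0.2.77"]},
}

# Qualifier prefix -> SPF result when the mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(dns, name, rtype):
    """Return the records of type rtype for name, or [] if none exist."""
    return dns.get(name, {}).get(rtype, [])


def spf_record(dns, domain):
    """Return the domain's v=spf1 TXT record, or None if it publishes none."""
    for txt in lookup(dns, domain, "TXT"):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def ip_in(ip, network):
    """True if ip falls inside network (a bare address counts as a /32)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(network, strict=False)


def check_spf(dns, ip, domain, depth=0):
    """Evaluate domain's SPF record for a connecting ip.

    Mechanisms are tried left to right; the first match decides the result
    according to its qualifier. Unknown mechanisms give permerror, and a
    record with no matching term ends as neutral, as the SPF spec prescribes.
    """
    if depth > 10:              # guard against include: loops
        return "permerror"
    record = spf_record(dns, domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip_in(ip, arg)
        elif name == "a":
            matched = any(ip_in(ip, a) for a in lookup(dns, arg or domain, "A"))
        elif name == "mx":
            matched = any(ip_in(ip, a)
                          for mx in lookup(dns, arg or domain, "MX")
                          for a in lookup(dns, mx, "A"))
        elif name == "include":
            # include: matches only if the referenced record yields pass.
            matched = check_spf(dns, ip, arg, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    cases = [
        ("corporate MX", "203.0.113.10", "example.co.nz"),
        ("ISP relay via include:", "198.51.100.25", "example.co.nz"),
        ("third-party forwarder", "192.0.2.77", "example.co.nz"),
        ("forwarder against ~all domain", "192.0.2.77", "soft.example"),
    ]
    for label, ip, domain in cases:
        print(f"{label:32} {ip:15} {domain:15} -> {check_spf(DNS, ip, domain)}")
```

The third case is the forwarding problem in the thread: the forwarder re-sends the message with the original envelope sender, its address matches no mechanism, and `-all` turns that into a hard fail (a receiver honouring it would reject the mail). With `~all` the same path only softfails, which is why sites typically stay on `~all` until their outbound paths, including any ISP relays, are all covered by the record.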