[unisog] Numeric SPAM

Gene Rackow rackow at mcs.anl.gov
Tue Jun 6 18:39:06 GMT 2006


I agree that this is not a case of SPF being able to detect your
local addresses.

Anyone who thinks that SPF can save anyone hasn't really looked
at the problems that it causes.  I'm sure that those strongly in
favor of SPF will have solutions, but I haven't seen them.

This mailing list is an example.  The message claims to have be from
the University of NotreDame, yet I happened to get it via sans.org.
Can I trust that it was sent bu Paul?  If I only check the
headers of the message, what prevents that from being faked?

How many people deal with mail forwarding?  Many of your students will
forward mail elsewhere.  Does that mean that all their university 
friends and contacts need to switch to their new email address or the
mail gets rejected?  Even if it's only for the summer?

In the ideal world of spf, all mail would be point to point. No forwarding.
How many people forward their telephone elsewhere when on travel or vacation or..

Mailing lists would need to completely redo how they handle things so the
message isn't coming from the sender, but the list.  Makes replys nasty.

Many sites are not dealing with SPF records since the implementation
is so flawed, it causes more problems on false hits than it solves.

-_Gene

Paul Russell made the following keystrokes:
 >On 6/6/2006 11:43, Valdis.Kletnieks at vt.edu wrote:
 >> And that's probably SPF's biggest problem - you can't really *rely* on it
 >> to stop forgeries until a vast majority of sites publish a hardfail SPF,
 >> including *all* the 800pound gorillas.  AOL has a ?all, Hotmail and MSN
 >> both show a ~all.  And so on.
 >
 >Whether SPF can or cannot detect forged sender address from external domains
 >is not the issue in this case. One of the characteristics of the spam that
 >started this thread is that the recipient address is forged as the sender
 >address. You should not need SPF to determine whether sender addresses in your
 >own domain are forged on messages presented to your own servers.
 >
 >-- 
 >Paul Russell, Senior Systems Administrator
 >OIT Messaging Services Team
 >University of Notre Dame
 >prussell at nd.edu
 >_______________________________________________
 >unisog mailing list
 >unisog at lists.sans.org
 >http://www.dshield.org/mailman/listinfo/unisog
 >


More information about the unisog mailing list