Posted to users@spamassassin.apache.org by Screaming Eagle <te...@gmail.com> on 2006/01/12 20:26:22 UTC

flagging forged email as spam...

All,
I am getting spam email with return-path of my domain name, but:

Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx [
201.135.40.163] (may be forged))

Re: flagging forged email as spam...

Posted by mouss <us...@free.fr>.
Leonardo Rodrigues Magalhães wrote:
> 
> 
> Matt Kettler wrote:
> 
>> Screaming Eagle wrote:
>>  
>>
>>> All,
>>> I am getting spam email with return-path of my domain name, but:
>>>
>>> Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx
>>> <http://dsl-201-135-40-163.prod-infinitum.com.mx> [201.135.40.163
>>> <http://201.135.40.163>] (may be forged))
>>>   
>>
>>
>> Three letters. SPF.
>>
>> Publish a SPF record for your domain, and enable the SPF plugin.
>>
>> After that all mail forging your domain, or any other SPF domain, will get
>> penalized SPF_FAIL or SPF_SOFTFAIL (depending on what your "all" record looks
>> like).
>>
> 
>    Even better ..... get your MTA to reject spoofed messages with your
> domain !!!
> 

It's not better:

- for people using fetchmail or getting mail from other MX'es (MSP...):
they can't reject at mta level (in the fetchmail case, that would cause
an unwanted bounce). so SA comes in handy.

- In direct reception case, you should also allow other people to
benefit from the same protection if you do that. so set an spf record:
no reason to let other people accept mail that you would consider forged.

note that this "breaks forwarding", but that's a different story.

Re: flagging forged email as spam...

Posted by Leonardo Rodrigues Magalhães <le...@solutti.com.br>.

Matt Kettler wrote:

>Screaming Eagle wrote:
>  
>
>>All,
>>I am getting spam email with return-path of my domain name, but:
>>
>>Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx
>><http://dsl-201-135-40-163.prod-infinitum.com.mx> [201.135.40.163
>><http://201.135.40.163>] (may be forged))
>>    
>>
>
>Three letters. SPF.
>
>Publish a SPF record for your domain, and enable the SPF plugin.
>
>After that all mail forging your domain, or any other SPF domain, will get
>penalized SPF_FAIL or SPF_SOFTFAIL (depending on what your "all" record looks
>like).
>

    Even better ..... get your MTA to reject spoofed messages with your 
domain !!!

-- 


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	gertrudes@solutti.com.br
	My SPAMTRAP, do not email it





Re: flagging forged email as spam...

Posted by Screaming Eagle <te...@gmail.com>.
All, I believe the SPF plugin is active: "loadplugin
Mail::SpamAssassin::Plugin::SPF". How do I find out if this is active in
my configuration? If it is not, could someone point me in the right
direction?

Thanks.

On 1/12/06, Matt Kettler <mk...@evi-inc.com> wrote:
>
> Screaming Eagle wrote:
> > All,
> > I am getting spam email with return-path of my domain name, but:
> >
> > Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx
> > <http://dsl-201-135-40-163.prod-infinitum.com.mx> [201.135.40.163
> > <http://201.135.40.163>] (may be forged))
>
> Three letters. SPF.
>
> Publish a SPF record for your domain, and enable the SPF plugin.
>
> After that all mail forging your domain, or any other SPF domain, will get
> penalized SPF_FAIL or SPF_SOFTFAIL (depending on what your "all" record
> looks like).
>
> From there you can adjust the score of SPF_FAIL, or make a meta test that
> checks for SPF failures for your domain and hits them hard.
>

Re: flagging forged email as spam...

Posted by Matt Kettler <mk...@evi-inc.com>.
Screaming Eagle wrote:
> All,
> I am getting spam email with return-path of my domain name, but:
> 
> Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx
> <http://dsl-201-135-40-163.prod-infinitum.com.mx> [201.135.40.163
> <http://201.135.40.163>] (may be forged))

Three letters. SPF.

Publish a SPF record for your domain, and enable the SPF plugin.

After that all mail forging your domain, or any other SPF domain, will get
penalized SPF_FAIL or SPF_SOFTFAIL (depending on what your "all" record looks
like).

From there you can adjust the score of SPF_FAIL, or make a meta test that checks
for SPF failures for your domain and hits them hard.