You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Screaming Eagle <te...@gmail.com> on 2006/01/12 20:26:22 UTC
flagging forged email as spam...
All,
I am getting spam email with return-path of my domain name, but:
Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx [
201.135.40.163] (may be forged))
Re: flagging forged email as spam...
Posted by mouss <us...@free.fr>.
Leonardo Rodrigues Magalhães a écrit :
>
>
> Matt Kettler escreveu:
>
>> Screaming Eagle wrote:
>>
>>
>>> All,
>>> I am getting spam email with return-path of my domain name, but:
>>>
>>> Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx
>>> <http://dsl-201-135-40-163.prod-infinitum.com.mx> [201.135.40.163
>>> <http://201.135.40.163>] (may be forged))
>>>
>>
>>
>> Three letters. SPF.
>>
>> Publish a SPF record for your domain, and enable the SPF plugin.
>>
>> After that all mail forging your domain, or any other SPF domain, will
>> get
>> penalized SPF_FAIL or SPF_SOFTFAIL (depending on what your "all"
>> record looks
>> like).
>>
>
> Even better ..... get your MTA to reject spoofed messages with your
> domain !!!
>
It's not better:
- for people using fetchmail or getting mail from other MX'es (MSP...):
they can't reject at mta level (in the fetchamil case, that would cause
an unwanted bounce). so SA comes in handy.
- In direct reception case, you should also allow other people to
benefit from the same protection if you do that. so set an spf record:
no reason to let other people accept mail that you would consider forged.
note that this "breaks forwarding", but that's a different story.
Re: flagging forged email as spam...
Posted by Leonardo Rodrigues Magalhães <le...@solutti.com.br>.
Matt Kettler escreveu:
>Screaming Eagle wrote:
>
>
>>All,
>>I am getting spam email with return-path of my domain name, but:
>>
>>Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx
>><http://dsl-201-135-40-163.prod-infinitum.com.mx> [201.135.40.163
>><http://201.135.40.163>] (may be forged))
>>
>>
>
>Three letters. SPF.
>
>Publish a SPF record for your domain, and enable the SPF plugin.
>
>After that all mail forging your domain, or any other SPF domain, will get
>penalized SPF_FAIL or SPF_SOFTFAIL (depending on what your "all" record looks
>like).
>
Even better ..... get your MTA to reject spoofed messages with your
domain !!!
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
Re: flagging forged email as spam...
Posted by Screaming Eagle <te...@gmail.com>.
All, I believe SPF pluging is active: "loadplugin
Mail::SpamAssassin::Plugin::SPF". How do I find out if this is activive in
my configurations. If it is not, could some one points me in the right
direction.
Thanks.
On 1/12/06, Matt Kettler <mk...@evi-inc.com> wrote:
>
> Screaming Eagle wrote:
> > All,
> > I am getting spam email with return-path of my domain name, but:
> >
> > Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx
> > <http://dsl-201-135-40-163.prod-infinitum.com.mx> [201.135.40.163
> > <http://201.135.40.163>] (may be forged))
>
> Three letters. SPF.
>
> Publish a SPF record for your domain, and enable the SPF plugin.
>
> After that all mail forging your domain, or any other SPF domain, will get
> penalized SPF_FAIL or SPF_SOFTFAIL (depending on what your "all" record
> looks
> like).
>
> From there you can adjust the score of SPF_FAIL, or make a meta test that
> checks
> for SPF failures for your domain and hits them hard.
>
Re: flagging forged email as spam...
Posted by Matt Kettler <mk...@evi-inc.com>.
Screaming Eagle wrote:
> All,
> I am getting spam email with return-path of my domain name, but:
>
> Received: from friend (dsl-201-135-40-163.prod-infinitum.com.mx
> <http://dsl-201-135-40-163.prod-infinitum.com.mx> [201.135.40.163
> <http://201.135.40.163>] (may be forged))
Three letters. SPF.
Publish a SPF record for your domain, and enable the SPF plugin.
After that all mail forging your domain, or any other SPF domain, will get
penalized SPF_FAIL or SPF_SOFTFAIL (depending on what your "all" record looks
like).
>From there you can adjust the score of SPF_FAIL, or make a meta test that checks
for SPF failures for your domain and hits them hard.