Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2008/04/02 11:08:23 UTC

Re: Dramatic increase in bounce messages to forged addresses

John Hardin writes:
> On Tue, 1 Apr 2008, William Terry wrote:
> 
> > Is there anything I can do to mitigate this?
> 
> Do you publish SPF records?

Logically this should have an effect, but in real-world terms, it doesn't.
So don't worry about it.

Instead, try enabling the vbounce ruleset...

--j.

Re: Dramatic increase in bounce messages to forged addresses

Posted by mouss <mo...@netoyen.net>.
Matus UHLAR - fantomas wrote:
>> On Wed, 2 Apr 2008, Justin Mason wrote:
>>
>>> John Hardin writes:
>>>> On Tue, 1 Apr 2008, William Terry wrote:
>>>>
>>>>> Is there anything I can do to mitigate this?
>>>>
>>>> Do you publish SPF records?
>>>
>>> Logically this should have an effect, but in real-world terms, it
>>> doesn't. So don't worry about it.
>
> On 02.04.08 09:06, John Hardin wrote:
>> Sure it won't if nobody ever publishes any SPF records.
>
> and they don't publish SPF since "nobody uses them" and they don't use SPF
> because "spammers also use SPF" which they understand as "SPF is useless"

some people don't publish SPF because there are not enough incentives to 
do so. Other people don't publish SPF because they don't want to! some 
even remove the records they published before:

http://www.circleid.com/posts/spf_loses_mindshare/

anyway, I don't think this list is appropriate for debating SPF pros and 
cons...

> people are sometimes incredibly dumb when it comes to technologies.
>
>>> Instead, try enabling the vbounce ruleset...
>>
>> Certainly, do that. But *also* publish SPF records so that the people who
>> *do* check SPF have a chance to reject forgeries proactively.
>
> Agreed, just do it.



Re: Dramatic increase in bounce messages to forged addresses

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Wed, 2 Apr 2008, Justin Mason wrote:
> 
> >John Hardin writes:
> >>On Tue, 1 Apr 2008, William Terry wrote:
> >>
> >>>Is there anything I can do to mitigate this?
> >>
> >>Do you publish SPF records?
> >
> >Logically this should have an effect, but in real-world terms, it 
> >doesn't. So don't worry about it.

On 02.04.08 09:06, John Hardin wrote:
> Sure it won't if nobody ever publishes any SPF records.

and they don't publish SPF since "nobody uses them" and they don't use SPF
because "spammers also use SPF" which they understand as "SPF is useless"

people are sometimes incredibly dumb when it comes to technologies.

> >Instead, try enabling the vbounce ruleset...
> 
> Certainly, do that. But *also* publish SPF records so that the people who 
> *do* check SPF have a chance to reject forgeries proactively.

Agreed, just do it.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.

Re: Dramatic increase in bounce messages to forged addresses

Posted by John Hardin <jh...@impsec.org>.
On Wed, 2 Apr 2008, Justin Mason wrote:

> John Hardin writes:
>> On Tue, 1 Apr 2008, William Terry wrote:
>>
>>> Is there anything I can do to mitigate this?
>>
>> Do you publish SPF records?
>
> Logically this should have an effect, but in real-world terms, it 
> doesn't. So don't worry about it.

Sure it won't if nobody ever publishes any SPF records.

> Instead, try enabling the vbounce ruleset...

Certainly, do that. But *also* publish SPF records so that the people who 
*do* check SPF have a chance to reject forgeries proactively.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Public Education: the bureaucratic process of replacing
   an empty mind with a closed one.                          -- Thorax
-----------------------------------------------------------------------
  11 days until Thomas Jefferson's 265th Birthday

Re: Dramatic increase in bounce messages to forged addresses

Posted by mouss <mo...@netoyen.net>.
Benny Pedersen wrote:
> On Wed, April 2, 2008 21:34, mouss wrote:
>
>> Anyone knows if backscatterer.org list is safe? If so, one can reject
>> mail if the envelope sender is empty and the client is listed there.
>
> http://rfc-ignorant.org/policy-dsn.php

I've posted to rfc-discuss to get this clarified. I would prefer if the 
part that says

<cite>
If the rejection message clearly indicates the reason for denial as not 
being something related to the null-envelope (or above-mentioned 
timeout) ("{ip} rejected as listed on the MAPS RBL", etc.), then that 
spam-blocking shall not be considered grounds to list a domain.
</cite>

is extended so that dsn listing would not apply if a "reasonable" 
criteria is used.





Re: Dramatic increase in bounce messages to forged addresses

Posted by Benny Pedersen <me...@junc.org>.
On Wed, April 2, 2008 21:34, mouss wrote:

> Anyone knows if backscatterer.org list is safe? If so, one can reject
> mail if the envelope sender is empty and the client is listed there.

http://rfc-ignorant.org/policy-dsn.php


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: Dramatic increase in bounce messages to forged addresses

Posted by mouss <mo...@netoyen.net>.
Jo Rhett wrote:
> On Apr 2, 2008, at 12:34 PM, mouss wrote:
>> no tuning on your side will help solving problems at the other side. 
>> For example, I found that hotmail cache the value
>
> Yes, they cache the results of that DNS query for exactly how long you 
> tell them to. 

This is not my observation. After moving the MTA to another box, hotmail 
started discarding mail. testing for more than two weeks didn't change 
anything. I never set up a TTL of two weeks.

I have already seen "abusive" dns cache at large sites. this is why I 
suspect this was a cache issue. but I may be wrong. Anyway, other broken 
spf implementations/setups were reported. so I am not very confident...

> If you want the SPF record cached less, reduce the TTL on that record.
>

I don't remember, but I think it was 12 or 24 hours. that's less than 2 
weeks even counting jet lag around the globe.


Re: Dramatic increase in bounce messages to forged addresses

Posted by Jo Rhett <jr...@netconsonance.com>.
On Apr 2, 2008, at 12:34 PM, mouss wrote:
> no tuning on your side will help solving problems at the other  
> side. For example, I found that hotmail cache the value

Yes, they cache the results of that DNS query for exactly how long  
you tell them to.   If you want the SPF record cached less, reduce  
the TTL on that record.

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness



Re: Dramatic increase in bounce messages to forged addresses

Posted by mouss <mo...@netoyen.net>.
Martin Gregorie wrote:
> On Wed, 2008-04-02 at 10:08, Justin Mason wrote:
>> John Hardin writes:
>>> On Tue, 1 Apr 2008, William Terry wrote:
>>>
>>>> Is there anything I can do to mitigate this?
>>>
>>> Do you publish SPF records?
>>
>> Logically this should have an effect, but in real-world terms, it doesn't.
>> So don't worry about it.
>
> SPF has worked well for me, but it has to be set up right.
> Use http://www.kitterman.com/spf/validate.html to define and test your
> SPF record.

no tuning on your side will help solving problems at the other side. For 
example, I found that hotmail cache the value and if you add an 
authorized MTA, it won't be accepted (hotmail silently discarded mail 
from the new MTA, so I had to relay hotmail mail using the old MTA). I 
suspect there are other brokerage out there, and this doesn't encourage 
me to setup SPF records anymore...

Problems are better solved at the source. we hope that misconfigured 
sites will be informed and will fix their setup. If not, blacklisting 
seems to be the only way (as even filtering isn't effective since some 
NDRs do not contain enough information).

Anyone knows if backscatterer.org list is safe? If so, one can reject 
mail if the envelope sender is empty and the client is listed there.
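
The check described in the post above (reject only when the envelope sender is empty and the connecting client is on the list), as an added example that is not part of the original thread. The zone name `ips.backscatterer.org`, the function names and the sample addresses are assumptions made for illustration; the lookup is injectable so the decision logic can be exercised without live DNS.

```python
import ipaddress
import socket

# Assumption: the post names only "backscatterer.org"; the lookup zone is assumed.
DNSBL_ZONE = "ips.backscatterer.org"
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBLs signal "listed" with 127.x.x.x


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Reverse the IPv4 octets and append the zone; None for non-IPv4 input."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return None
    if addr.version != 4:
        return None
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_lookup(name):
    """Live DNS check: listed only if the name resolves inside 127.0.0.0/8."""
    try:
        return ipaddress.ip_address(socket.gethostbyname(name)) in LISTED_NET
    except OSError:
        return False  # NXDOMAIN or resolver failure: fail open, do not reject


def is_null_sender(mail_from):
    """MAIL FROM:<> is the null reverse-path used by bounces (DSNs)."""
    return mail_from.strip() in ("", "<>")


def decide(mail_from, client_ip, lookup=system_lookup):
    """Reject only when BOTH conditions from the post hold."""
    if not is_null_sender(mail_from):
        return "accept"  # ordinary mail is never judged by this list
    name = dnsbl_query_name(client_ip)
    if name is not None and lookup(name):
        return "reject"
    return "accept"


# Constructed sample data (documentation addresses, not real listings).
CONSTRUCTED_LISTED = {"10.2.0.192." + DNSBL_ZONE}

def constructed_lookup(name):
    return name in CONSTRUCTED_LISTED
```

Because the list is consulted only for null-sender mail, a listed host can still deliver ordinary messages; only its bounces are refused.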



Re: Dramatic increase in bounce messages to forged addresses

Posted by Martin Gregorie <ma...@gregorie.org>.
On Wed, 2008-04-02 at 10:08, Justin Mason wrote:
> John Hardin writes:
> > On Tue, 1 Apr 2008, William Terry wrote:
> > 
> > > Is there anything I can do to mitigate this?
> > 
> > Do you publish SPF records?
> 
> Logically this should have an effect, but in real-world terms, it doesn't.
> So don't worry about it.
> 
SPF has worked well for me, but it has to be set up right.
Use http://www.kitterman.com/spf/validate.html to define and test your
SPF record.

Martin