Posted to users@spamassassin.apache.org by ji...@jidanni.org on 2008/05/08 19:19:17 UTC

trusted mailing list subscriber spam

Odd how mailing lists that don't obfuscate addresses don't see more
trusted mailing list subscriber spam.

All a spam program would have to do is say "bob@example.com posts lots
to that list. His address must be a trusted subscriber. Well, here's
one more post from him, muhahaha."

OK, I suppose that would be caught by SPF rules etc., if bob likes SPF.

Re: trusted mailing list subscriber spam

Posted by mouss <mo...@netoyen.net>.
Matus UHLAR - fantomas wrote:
>> On Sun, May 11, 2008 22:39, mouss wrote:
>>
>>> a +all and you are annoying us about forwarding and SPF?
>
> On 12.05.08 23:07, Benny Pedersen wrote:
>> he, i have +all and forward nothing :)
>
> it's not about what do you forward, it's about others forwarding your
> e-mail (without rewriting mail from: which is a bad thing).

and more importantly: about others being able to reject mail claiming to
be from his domain but coming out of faraway clients.

>> stop annoying me that spf cant be used
>
> Don't wonder if anyone will reject or flag your e-mail because having "+all"
> in SPF

exactly.


Re: trusted mailing list subscriber spam

Posted by Benny Pedersen <me...@junc.org>.
On Tue, May 13, 2008 23:09, Matus UHLAR - fantomas wrote:

> spammers will use whatever they'll see people don't catch.
> you just told all spammers to use "mx +all" in SPF records for their domains
> to be able to use them for world-wide spamming

basic score in spf is also very low per default, one still have to
whitelist_from_spf if recipient agree this domain does not send spam


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: trusted mailing list subscriber spam

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Tue, May 13, 2008 15:19, Matus UHLAR - fantomas wrote:
> 
> > Don't wonder if anyone will reject or flag your e-mail because having "+all"
> > in SPF

On 13.05.08 21:29, Benny Pedersen wrote:
> yes i need to implement srs to fix it better ?

no, forwarders need to.

> come on, srs and +all is imho the same seen to the recipient

it's not, they are much different.

> diff is that i dont use srs installed anywhere
> 
> fact:
> v=spf1 +all < this is bad !
> v=spf1 mx +all < this is not
> 
> if admins see them as equal, blame them

spammers will use whatever they'll see people don't catch.
you just told all spammers to use "mx +all" in SPF records for their domains
to be able to use them for world-wide spamming
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...

Re: trusted mailing list subscriber spam

Posted by Benny Pedersen <me...@junc.org>.
On Tue, May 13, 2008 15:19, Matus UHLAR - fantomas wrote:

> Don't wonder if anyone will reject or flag your e-mail because having "+all"
> in SPF

yes i need to implement srs to fix it better ?

come on, srs and +all is imho the same seen to the recipient

diff is that i dont use srs installed anywhere

fact:
v=spf1 +all < this is bad !
v=spf1 mx +all < this is not

if admins see them as equal, blame them


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: trusted mailing list subscriber spam

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Sun, May 11, 2008 22:39, mouss wrote:
> 
> > a +all and you are annoying us about forwarding and SPF?

On 12.05.08 23:07, Benny Pedersen wrote:
> he, i have +all and forward nothing :)

it's not about what do you forward, it's about others forwarding your
e-mail (without rewriting mail from: which is a bad thing).

> stop annoying me that spf cant be used

Don't wonder if anyone will reject or flag your e-mail because having "+all"
in SPF

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
   One OS to rule them all, One OS to find them, 
One OS to bring them all and into darkness bind them 

Re: trusted mailing list subscriber spam

Posted by Benny Pedersen <me...@junc.org>.
On Sun, May 11, 2008 22:39, mouss wrote:

> a +all and you are annoying us about forwarding and SPF?

he, i have +all and forward nothing :)

stop annoying me that spf cant be used


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: trusted mailing list subscriber spam

Posted by mouss <mo...@netoyen.net>.
Benny Pedersen wrote:
> On Sun, May 11, 2008 03:07, jidanni@jidanni.org wrote:
>
>> All I know is that I don't use SPF anymore for my domain as there are
>> just too many problems... e.g., forwarded messages.
>
> and you usually dont know where you forwards going from, :/(

unless you receive spam from his domain, you have nothing to say. if you
have a problem with forwarding, contact the IETF. In the meantime,
please stop your SPF crusade.

> come on, please :-)

$ host -t txt junc.org
junc.org descriptive text "v=spf1 ip4:80.166.47.252/30 
ip4:80.166.75.16/29 ip4:77.232.64.0/19 +all"


a +all and you are annoying us about forwarding and SPF?
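
[Added example, not part of the thread and not SpamAssassin code: a small Python evaluator for the ip4, mx and all mechanisms, showing how the records quoted in this thread ("v=spf1 +all", "v=spf1 mx +all" and the junc.org TXT record above) evaluate for a client that no specific mechanism lists. The function names and the mx_ips parameter are assumptions of this sketch; MX addresses are passed in instead of being resolved.]

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); a mechanism with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate_spf(record, client_ip, mx_ips=()):
    """Evaluate a subset of SPF (ip4, mx, all) left to right; first match wins.

    mx_ips stands in for the DNS lookup of the domain's MX hosts (assumption:
    the caller resolved them), so the example runs offline.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = any(ip == ipaddress.ip_address(m) for m in mx_ips)
        else:
            continue  # mechanisms and modifiers outside this sketch are skipped
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def authorizes_everyone(record):
    """True if the record passes a client that none of its specific mechanisms lists."""
    # 192.0.2.1 is a documentation address (RFC 5737), used as the unlisted client.
    return evaluate_spf(record, "192.0.2.1") == "pass"

RECORDS = [  # first three are quoted in the thread; the last is a constructed contrast
    "v=spf1 +all",
    "v=spf1 mx +all",
    "v=spf1 ip4:80.166.47.252/30 ip4:80.166.75.16/29 ip4:77.232.64.0/19 +all",
    "v=spf1 ip4:80.166.47.252/30 -all",
]
if __name__ == "__main__":
    for r in RECORDS:
        print(authorizes_everyone(r), r)
```

[For the first three records every client address evaluates to "pass", whatever mechanisms precede the final +all; only the constructed "-all" record lets a receiver fail mail from an unlisted client.]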



Re: trusted mailing list subscriber spam

Posted by Benny Pedersen <me...@junc.org>.
On Sun, May 11, 2008 03:07, jidanni@jidanni.org wrote:

> All I know is that I don't use SPF anymore for my domain as there are
> just too many problems... e.g., forwarded messages.

and you usually dont know where you forwards going from, :/(

come on, please :-)


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: trusted mailing list subscriber spam

Posted by ji...@jidanni.org.
>> All a spam program would have to do is say "bob@example.com posts lots
>> to that list. His address must be a trusted subscriber. Well, here's
>> one more post from him, muhahaha."

SB> If "Bob" posts a lot to a list(s) and is respected within said
SB> list(s), then the other subs of that list will immediately recognize
SB> by the tone and the writing style of a fake message that it wasn't Bob
SB> that sent it.

Yes, but I'm talking about having spamassassin do the recognizing before
it reaches the humans. OK, that means some training for what each
trusted subscriber's message usually looks like. I have an idea: let's
discuss this complicated question at some other time.

>> OK, I suppose that would be caught by SPF rules etc., if bob likes SPF.

SB> Not all mail systems actually block upon SPF breakage...

BP> what are you talking about ?, to score email addresses found on maillist a bit
BP> negative since it looks like none spammy human ?

All I know is that I don't use SPF anymore for my domain as there are
just too many problems... e.g., forwarded messages.

Re: trusted mailing list subscriber spam

Posted by Steve Bertrand <ia...@ibctech.ca>.
> All a spam program would have to do is say "bob@example.com posts lots
> to that list. His address must be a trusted subscriber. Well, here's
> one more post from him, muhahaha."

If "Bob" posts a lot to a list(s) and is respected within said list(s), 
then the other subs of that list will immediately recognize by the tone 
and the writing style of a fake message that it wasn't Bob that sent it.

> OK, I suppose that would be caught by SPF rules etc., if bob likes SPF.

Not all mail systems actually block upon SPF breakage...

Steve

Re: trusted mailing list subscriber spam

Posted by Benny Pedersen <me...@junc.org>.
On Thu, May 8, 2008 19:19, jidanni@jidanni.org wrote:

> OK, I suppose that would be caught by SPF rules etc., if bob likes SPF.

what are you talking about ?, to score email addresses found on maillist a bit
negative since it looks like none spammy human ?


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098