You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2007/08/27 15:35:39 UTC
Re: SPF-Compliant Spam
Marc Perkel writes:
> Jason Bertoch wrote:
> > I think it's safe to say I'm not in the minority when I receive
> > SPF-Compliant spam. I'm looking for opinions on what we can honestly
> > derive from such messages regarding the sending server's IP and the
> > sending address' domain name. Is it wise to blacklist both, or is this
> > yet another case where SPF has failed to meet projections?
>
> SPF breaks email forwarding. I haven't found anything I can't use it for
> that's useful.
On the contrary, we in SpamAssassin find it useful.
--j.
Re: SPF-Compliant Spam
Posted by Matt Kettler <mk...@verizon.net>.
Marc Perkel wrote:
>
>
> Justin Mason wrote:
>> On the contrary, we in SpamAssassin find it useful.
>>
>>
>
> How do you avoid a false positive on forwarded email?
Since my other mail is long, a short reply to this direct question is in
order.
put the forwarder in trusted_networks and internal_networks. ie: declare
the forwarder to be a part of your own network. SA will then
automatically use the forwarder's headers when checking SPF, instead of
the local one.
Either that or get your forwarder to rewrite the MAIL FROM and become a
remailer instead of a forwarder. There's even SRS patches out there to
get your MTA to do the rewrite.
See also: http://www.openspf.org/FAQ/Forwarding
Re: SPF-Compliant Spam
Posted by Marc Perkel <ma...@perkel.com>.
Justin Mason wrote:
> Marc Perkel writes:
>
>> Jason Bertoch wrote:
>>
>>> I think it's safe to say I'm not in the minority when I receive
>>> SPF-Compliant spam. I'm looking for opinions on what we can honestly
>>> derive from such messages regarding the sending server's IP and the
>>> sending address' domain name. Is it wise to blacklist both, or is this
>>> yet another case where SPF has failed to meet projections?
>>>
>> SPF breaks email forwarding. I haven't found anything I can't use it for
>> that's useful.
>>
>
> On the contrary, we in SpamAssassin find it useful.
>
>
How do you avoid a false positive on forwarded email?
Re: SPF-Compliant Spam
Posted by Kelson <ke...@speed.net>.
Marc Perkel wrote:
> SPF is useless.
Oh, of course. No matter how many times people point out uses they've
found for it, no matter whether those uses are actually impacted by
email forwarding or not, you're right, obviously we're all living in a
fantasy world because the only *possible* thing one could do with an SPF
result is to reject all failures and blindly whitelist all passes.
No one could *possibly* do something like, say...
Take known spam that passes SPF and use it to generate a domain
blacklist, or...
Take a friendly domain and whitelist only mail *from that domain* that
passes SPF, like SpamAssassin's whitelist_from_spf function does...
etc.
(Notice how neither of those break with email forwarding? A forwarded
message just goes through normal channels instead of getting special
treatment.)
But no, there's absolutely *no way* anyone could do things like that.
*sigh*
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
RE: SPF-Compliant Spam
Posted by Rick Cooper <rc...@dwford.com>.
_____
From: Marc Perkel [mailto:marc@perkel.com]
Sent: Monday, August 27, 2007 3:49 PM
To: users@spamassassin.apache.org
Subject: Re: SPF-Compliant Spam
Kai Schaetzl wrote:
Justin Mason wrote on Mon, 27 Aug 2007 14:35:39 +0100:
On the contrary, we in SpamAssassin find it useful.
I have to agree with Marc in this special case. It's not very useful. The
reason I think this is that the amount of domains that use SPF is scarce,
*really* scarce. I kept an eye on this for some weeks with the help of
milter-spf and less than 5% of all mail had SPF. It may be helpful for
some people, for instance to avoid greylisting or so, but as it is not
much in use I don't find it very useful.
Kai
I agree. And SPF breaks email forwarding and spammers can set SPF records as
well. SPF is useless.
[Rick Cooper]
Not true, proper implementation does not break forwarding. And for spammers
using bots they pretty much have to use a rule that allows the whole world
to send for them (like +all) . We deny mail from anyone who uses things like
+all, \d+\.0\.0\.0\/2, etc. If they publish valid, accurate SPF records then
they have taken responsibility for their spam and helps with complaints.
Last of all, if everyone used SPF it would certainly render most joe-jobs
useless. It really pisses me off if I get a bunch of back-scatter from a
joe-job when our SPF records list all hosts allowed to send in our name, and
hard fail all others. While I don't get huge numbers of SPF fail I get
enough that I find it very worth while. I also fail a fair number of +all
type records and when you look at the hosts you see a lot of dsl/cable hosts
which would lead one to believe they are certainly bots.
SPF would do a better job if it were used by more systems, especially in the
area of forged addresses.
Rick
--
This message has been scanned for viruses and
dangerous content by <http://www.mailscanner.info/> MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: SPF-Compliant Spam
Posted by Marc Perkel <ma...@perkel.com>.
Kai Schaetzl wrote:
> Justin Mason wrote on Mon, 27 Aug 2007 14:35:39 +0100:
>
>
>> On the contrary, we in SpamAssassin find it useful.
>>
>
> I have to agree with Marc in this special case. It's not very useful. The
> reason I think this is that the amount of domains that use SPF is scarce,
> *really* scarce. I kept an eye on this for some weeks with the help of
> milter-spf and less than 5% of all mail had SPF. It may be helpful for
> some people, for instance to avoid greylisting or so, but as it is not
> much in use I don't find it very useful.
>
> Kai
>
>
I agree. And SPF breaks email forwarding and spammers can set SPF
records as well. SPF is useless.
Re: SPF-Compliant Spam
Posted by Per Jessen <pe...@computer.org>.
Kai Schaetzl wrote:
> I have to agree with Marc in this special case. It's not very useful.
> The reason I think this is that the amount of domains that use SPF is
> scarce, *really* scarce. I kept an eye on this for some weeks with the
> help of milter-spf and less than 5% of all mail had SPF.
Yes, that is my experience too.
/Per Jessen, Zürich
Re: SPF-Compliant Spam
Posted by Kai Schaetzl <ma...@conactive.com>.
Justin Mason wrote on Mon, 27 Aug 2007 14:35:39 +0100:
> On the contrary, we in SpamAssassin find it useful.
I have to agree with Marc in this special case. It's not very useful. The
reason I think this is that the amount of domains that use SPF is scarce,
*really* scarce. I kept an eye on this for some weeks with the help of
milter-spf and less than 5% of all mail had SPF. It may be helpful for
some people, for instance to avoid greylisting or so, but as it is not
much in use I don't find it very useful.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com