Miguel A. Lerma wrote:
> > From the explanations there, and articles in other places, I quickly
> > decided it's inherently broken.
>
> One has to be aware of its strengths and weaknesses before implementing it,
> but the fact is that important and influential domains such as hotmail
> and google are adopting it. I had to start publishing SPF records on our
> DNS server when most (legitimate) mail from our domain was being flagged
> as spam by hotmail, because much of the spam received by them seemed to
> be coming from our domain, and hotmail had classified our domain as a
> spam mailer. Publishing SPF records, together with disabling forwarding
> (as I explain below) was a better and more realistic alternative than
> asking our users to stop communicating with hotmail addresses.
:-) My daughter, then a junior scientist, used to work at a .edu.au
place that blocked incoming mail from Hotmail.
I'm just waiting for ImprovedSpamSender, that reads a user's Internet
Exploder's settings (as Thunderbird does) and uses those to send email.
As far as I can see, it will defeat SPF, CSV, Greylisting and everything
else I can think of except outbound filtering by the users' IAP.
>
> This brings one of the main criticisms against SPF, that it breaks
> forwarding. That's Ok, I already stopped forwarding on our system, most
> users were forwarding spam anyway, and as consequence our domain was being
> flagged as a spam mailer. Users that really need to forward email can use
> the remailing mechanism instead, making sure that all mail is filtered for
> spam _before_ being remailed.
I do have one measure that seems entirely effective against spam, but it
doesn't scale well and it's a little tedious. Probably, many people here
have noticed it. My server that handles email for this domain sits
behind a firewall, and that firewall has a rule that forwards port 25
TCP traffic from selected internet addresses to it. It does mean that
folk from those select internet addresses can't reach my regular
address, but that's okay. I don't like off-list replies.
It might be a useful idea for others though.
--
Cheers
John
-- spambait
[log in to unmask] [log in to unmask]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
|