SCIENTIFIC-LINUX-USERS Archives

June 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: John Summerfield <[log in to unmask]>
Reply To: John Summerfield <[log in to unmask]>
Date: Tue, 10 Jun 2008 08:32:52 +0800
Content-Type: text/plain
Parts/Attachments: text/plain (54 lines)

Miguel A. Lerma wrote:
>  >  From the explanations there, and articles in other places, I quickly 
>  > decided it's inherently broken.
> 
> One has to be aware of its strengths and weaknesses before implementing it,
> but the fact is that important and influential domains such as hotmail
> and google are adopting it. I had to start publishing SPF records on our
> DNS server when most (legitimate) mail from our domain was being flagged
> as spam by hotmail, because much of the spam received by them seemed to
> be coming from our domain, and hotmail had classified our domain as a
> spam mailer.  Publishing SPF records, together with disabling forwarding
> (as I explain below) was a better and more realistic alternative than
> asking our users to stop communicating with hotmail addresses.

:-) My daughter, then a junior scientist, used to work at a .edu.au 
place that blocked incoming mail from Hotmail.

I'm just waiting for ImprovedSpamSender, that reads a user's Internet 
Exploder's settings (as Thunderbird does) and uses those to send email. 
As far as I can see, it will defeat SPF, CSV, Greylisting and everything 
else I can think of except outbound filtering by the users' IAP.

> 
> This brings one of the main criticisms against SPF, that it breaks
> forwarding.  That's Ok, I already stopped forwarding on our system, most
> users were forwarding spam anyway, and as a consequence our domain was being
> flagged as a spam mailer. Users that really need to forward email can use
> the remailing mechanism instead, making sure that all mail is filtered for
> spam _before_ being remailed.

I do have one measure that seems entirely effective against spam, but it 
doesn't scale well and it's a little tedious. Probably, many people here 
have noticed it. My server that handles email for this domain sits 
behind a firewall, and that firewall has a rule that forwards port 25 
TCP traffic from selected internet addresses to it. It does mean that 
folk from those select internet addresses can't reach my regular 
address, but that's okay. I don't like off-list replies.

It might be a useful idea for others though.

-- 

Cheers
John

-- spambait
[log in to unmask]  [log in to unmask]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)
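
The forwarding problem raised in the quoted text above, as an added example that is not part of the original message: a small offline SPF evaluator (ip4, ip6 and all mechanisms only) run over three delivery paths. The records and addresses are constructed from documentation ranges, and "remailing" is assumed here to mean re-sending with the forwarder's own envelope sender.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate an SPF record restricted to the ip4, ip6 and all mechanisms.
    Mechanisms that need DNS lookups (a, mx, include, ...) are rejected so
    the example stays offline."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism with no qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            wanted = 4 if name == "ip4" else 6
            if net.version == wanted and ip.version == wanted and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"mechanism not handled in this example: {term}")
    return "neutral"  # no mechanism matched

# Constructed sample data (documentation address ranges, not from the post).
ORIGIN_SPF = "v=spf1 ip4:192.0.2.0/24 -all"        # sender domain's record
FORWARDER_SPF = "v=spf1 ip4:198.51.100.0/24 -all"  # forwarding site's record
ORIGIN_MTA = "192.0.2.25"       # sender domain's own outbound server
FORWARDER_MTA = "198.51.100.7"  # host that passes the mail on

def delivery_results():
    """SPF result the final receiver computes for each delivery path."""
    return {
        "direct": check_spf(ORIGIN_SPF, ORIGIN_MTA),
        # Plain forwarding keeps the original envelope sender, so the origin
        # domain's record is checked against the forwarder's address.
        "forwarded": check_spf(ORIGIN_SPF, FORWARDER_MTA),
        # Remailing (assumed: new envelope sender in the forwarder's domain)
        # makes the receiver consult the forwarder's own record instead.
        "remailed": check_spf(FORWARDER_SPF, FORWARDER_MTA),
    }

if __name__ == "__main__":
    print(delivery_results())
```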
