TMDA Re: [Gllug] New worm doing the rounds?

will will at hellacool.co.uk
Tue Feb 17 17:30:07 UTC 2004 

Bruce Richardson wrote:
> SPF isn't a challenge/response mechanism.  It's a suggested extension to
> current DNS practice that would allow organisations to specify which
> mail systems are allowed to send mail for their domain (current practice
> only allows you to specify which machines will receive mail for your
> domain).  If such practice were widespread, it would enable mail admins
> to reject any mail with an @example.org address if it didn't come from a
> designated sender machine woth out even looking any further.
> 
> The basic idea is good but it faces the problem that it doesn't become
> effective until the practice is widespread, which provides no incentive
> for early adoption.

Maybe, if I add SPF checking to my mail server I think there would be an 
immediate improvement.  Certainly an SPF check that resulted in a 
faliure could be rejected before any other checks[0], and a pass might 
add a negative value for a spam score[0].

Also, as more and more people implement it, the systems will get more 
and more effective.

> Note for the obstinate: like many other mail policies, SPF would only be
> effective for an organisation if the policy were applied on *all* mail
> exchangers, "backup" or no.

What?  But hey!  I demand that I should be able to run my backup MX as 
an open relay and an open proxy and a DDOS client and all that stuff! 
It's in the RFC's!  You are completely wrong if you do otherwise!

</troll>

Will.


[0]And the result would be cached, so if I recieve 100 emails from 
somespfdomain.com addresses all from different IP's, the first email I 
check the spf data and cache it, the next 99 emails that are sent will 
all be swiftly rejected if they fail the cached SPF check, saving the 
need for 100 RBL checks.

All based on my knowledge of SPF and the SPF config of the senders domain.

[1]I suppose this is more likely than a failure.  Spammers are not going 
to send spam from domains with restrictive spf policies.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list