Suffering
Retrovertigo
Premium,VIP
join:2004-03-06
127.0.0.1
clubs:
| [Spam] SPF record
Do any of your use SPF on your mail server? I hadn't heard of this until recently but it sounds like a good idea to me.
»www.openspf.org
Explain how SPF works in 1 minute.
Domains use public records (DNS) to direct requests for different services (web, email, etc.) to the machines that perform those services.All domains already publish email (MX) records to tell the world what machines receive mail for the domain.
SPF works by domains publishing "reverse MX" records to tell the world what machines send mail from the domain. When receiving a message from a domain, the recipient can check those records to make sure mail is coming from where it should be coming from.
With SPF, those "reverse MX" records are easy to publish: one line in DNS is all it takes.
--
kicking screaming gucci little piggy |
|
nil
Java Geek
join:2000-11-27 | Yes.. doesn't help much. |
|
Suffering
Retrovertigo
Premium,VIP
join:2004-03-06
127.0.0.1
clubs: | LOL ok... could you elaborate on why you didn't like it? 
--
kicking screaming gucci little piggy |
|
nil
Java Geek
join:2000-11-27
Host:
Webmasters and Dev..
Forum Feature Requ..
| I did once:
»www.unix-girl.com/blog/archives/···how.html
--
Life is too short to be boring |
|
vaisg
join:2005-09-11
1 edit | reply to Suffering
I think you have grossly misunderstood SPF. They spammers can't bypass it. They would like you to think that they have bypassed it. Anything in the header after the first line is virtually useless and can be forged. Spam I have received add SPF information themselves.
This issue of your domain still getting bounced mails is due to the receiving servers not implementing or unable to support SPF, thus unable to put SPF into use. But for those that does, the spammers won't be able to send their junk.
Someone in your site states that he and his users are unable to respond to mailing list that does SPF check. The fault is in his configuration of the SPF text because he did not add his ISP's ip addresses to the SPF text he implemented on his domain. So it is not really a fault of the system but his own because he doesn't take the trouble to go through the documentation on how to implement it thoroughly.
Another point worth noting is that spammers hate to be blocked but don't care if their spam gets returned. SPF will block the spammers at the server level, thus although not obvious, it will cause them some frustration. They won't like it because it is the sender address that is causing the bounce but not the recipient's due to blacklist or something. So why would they want the trouble of attempting to use your email addresses and get into all these blocking even before they spam? |
|
nil
Java Geek
join:2000-11-27
Host:
Webmasters and Dev..
Forum Feature Requ..
| If you were replying to me (I assume you were).. I know exactly how spf works and the "relief" I was expecting was a reduction in bounced messages because my domain has an spf record.. Obviously, I was quite underwhelmed by the number of servers that actually implement spf.. hence my reaction to it.. It's a nice idea, but unless more people implement it, it's not going to help much.
--
Life is too short to be boring |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| reply to vaisg
I think you have grossly misunderstood SPF. Or maybe you have misunderstood it.
Even the proponents of SPF admit that it won't solve the spam problem.But for those that does, the spammers won't be able to send their junk. Nonsense.
Spammers can simply purchase their own throw-away domains, and set their own SPF records. |
|
vaisg
join:2005-09-11
| reply to nil
Hi nil
If you look at it from the spammers' side, for their spam to get through, they will need to worry about blacklists, the spam filters, then client side filtering.
If they were to use domains that have SPF implemented and thus having to deal with those recipient's servers that may support SPF, why would they want the extra obstacle to overcome.
Even if it is not a common implementation, I believe that they would prefer to use another email address/addresses that may not have SPF text just to avoid problems.
IMO, it is good, just that they (the spammers) want you to think otherwise. |
|
vaisg
join:2005-09-11
2 edits | reply to nwrickert
quote:
Spammers can simply purchase their own throw-away domains, and set their own SPF records.
What does this has to do with your domain being the source of returned messages?
I think you are confused. When they purchase their own domains, then they and their registrar will have to deal with complaints not you at the very least.
And there is really no need to be rude. |
|
nil
Java Geek
join:2000-11-27
Host:
Webmasters and Dev..
Forum Feature Requ..
1 edit | reply to vaisg
Upon re-reading your message:
My only reaction is that because so few servers implement spf, it's use isn't a huge benefit right now.. My domain was used several times as spam-return address and I have an spf record.. so obviously it's not a huge deterrent either. |
|
