Re: [Asrg] misconception in SPF

Martijn Grooten <martijn.grooten@virusbtn.com> Mon, 10 December 2012 08:43 UTC

Return-Path: <martijn.grooten@virusbtn.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56B3321F8E66 for <asrg@ietfa.amsl.com>; Mon, 10 Dec 2012 00:43:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.669
X-Spam-Level:
X-Spam-Status: No, score=-9.669 tagged_above=-999 required=5 tests=[AWL=0.929, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B3v6TgrO6WpZ for <asrg@ietfa.amsl.com>; Mon, 10 Dec 2012 00:43:47 -0800 (PST)
Received: from mx5.sophos.com (mx5.sophos.com [195.171.192.175]) by ietfa.amsl.com (Postfix) with ESMTP id C34FB21F8E58 for <asrg@irtf.org>; Mon, 10 Dec 2012 00:43:46 -0800 (PST)
Received: from mx5.sophos.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id D5D69540B72 for <asrg@irtf.org>; Mon, 10 Dec 2012 08:43:44 +0000 (GMT)
Received: from abn-exch1b.green.sophos (unknown [10.100.70.62]) by mx5.sophos.com (Postfix) with ESMTPS id B49CE540A08 for <asrg@irtf.org>; Mon, 10 Dec 2012 08:43:44 +0000 (GMT)
Received: from ABN-EXCH1A.green.sophos ([fe80::67:3150:dacd:910d]) by abn-exch1b.green.sophos ([fe80::dc96:facf:3d2c:c352%17]) with mapi id 14.02.0247.003; Mon, 10 Dec 2012 08:43:44 +0000
From: Martijn Grooten <martijn.grooten@virusbtn.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Thread-Topic: [Asrg] misconception in SPF
Thread-Index: AQHN0+ufsqH0dJXpZk22wCV06nTFZ5gMNOaAgAASggCAALs6AIADkeEAgABtQPSAACMogIAAfLtK
Date: Mon, 10 Dec 2012 08:43:44 +0000
Message-ID: <0D79787962F6AE4B84B2CC41FC957D0B20ACFFE1@ABN-EXCH1A.green.sophos>
References: <20121206212116.10328.qmail@joyce.lan> <50C1A95A.5000001@pscs.co.uk> <50C4A7F8.3010201@dcrocker.net> <CAFdugamTbTirVV2zXKOmc9oTaCS+QiTemhT=jvYJnHYscHQK7g@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20ACE6D0@ABN-EXCH1A.green.sophos> <20121209213307.D90C12429B@panix5.panix.com>, <CAFduganBR_E-ui-3Xbic6F7qSmg1-Q+ideXLvb+1isLz8OF0Nw@mail.gmail.com>
In-Reply-To: <CAFduganBR_E-ui-3Xbic6F7qSmg1-Q+ideXLvb+1isLz8OF0Nw@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.100.64.11]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Asrg] misconception in SPF
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Dec 2012 08:43:48 -0000

> but what will I say them when they´ll see
> mails "comming" from a subdomain of the real domain that the mail
> claims to be from and no checks failed?

As others have pointed out, SPF is not for end-users. If you desperately want them to make sense of SPF checks, make sure you tell them that not failing SPF means exactly nothing; it definitely does not mean the emails passed SPF, or anything else that should give you extra reason to assume the domain is not forged.

If you believe they are really clever, you may consider telling them that in case of important emails, not passing SPF is a reason to be extra suspicious. But I personally wouldn't go there, even if the users had invented the Internet.

Martijn.

________________________________

Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.