[Asrg] Re: SPF abused by spammers

Frank Ellermann <nobody@xyzzy.claranet.de> Sun, 12 September 2004 19:53 UTC

To: asrg@ietf.org
From: Frank Ellermann <nobody@xyzzy.claranet.de>
Date: Sun, 12 Sep 2004 21:38:52 +0200
Organization: <URL:http://purl.net/xyzzy>
Lines: 52
Message-ID: <4144A5CC.208E@xyzzy.claranet.de>
References: <200409091620.i89GKbd39355@shedevil.annepmitchell.com> <44CFA5B6-027D-11D9-8DB5-000A95AC5778@isipp.com> <20040909212536.GH44802@Space.Net> <4141B4BA.5AE2@xyzzy.claranet.de> <20040910151402.GN44802@Space.Net>

Markus Stumpf wrote:

> I have a PDF document from Microsoft which is named
> "callerid_license.pdf" and is dated "Published:
> February 20, 2004".

Yes, they forgot to mention this in draft-atkinson-callerid-00.
This forced me to fast read some RfCs about IETF procedures if
nothing else, not a complete waste of time.  An IPR statement
was published about one week later (IIRC).

Some weeks later MARID decided that XML-over-DNS isn't very
convincing, and now MARID finally found that the "PRA" stuff
(algorithm and patent) is also rather dubious.

> It will *try* to solve the problem with domain forgery and
> while trying it breaks the whole existing Internet mail
> infrastructure by requiring something like half baked SRS.

From my POV that's not the case.  Mail is either on my side
(MUA to MSA or similar / more elaborate structures)  or it's
on the side of the recipient (MX / MDA).  That's covered by
"my" sender policy, don't accept any mail claiming to be sent
from me unless it's sent by one of the IPs in my sender policy.

Now if the recipient wishes to forward my mail he's free to
do so (I'd recommend RfC 1149 ;-), but he must not abuse "my"
MAIL FROM.  There are many other ways to forward mail.

>> I care.  Back to zero bounces / out-of-office / vacation /
>> challenges / broken NDRs / Symantec announcing its ignorance
>> to the e-mail world at large / etc. per day as it was in
>> 2003.

> In which way does SPF protect you from out-of-office /
> vacation / challenges

The spammer forging @xyzzy addresses stopped doing so.  Now of
course he failed to inform me _why_ he stopped, and he also
failed to inform me why he started this abuse, therefore I can
only guess:  Maybe he replaces all abused domains after almost
precisely six months.  Or he's out of business.  Or he uses SA
for his quality control, and abusing xyzzy addresses FAILed for
SA 3.0.  Whatever he did, no more vacation / OOO / bounces /
challenges / etc. mails for me.  But more spam, as expected.

                        Bye, Frank
-- 
I think we've seen that forcing spammers to send more spam
hasn't been an effective way to make them stop sending spam.
[John L. <http://archive.iecc.com/article/spamtools/20030521001>]
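
The sender-policy check discussed in this message, as an added example that is not part of the original post: a simplified SPF evaluation of the connecting IP against the policy of the MAIL FROM domain, showing why a forwarder that keeps the original MAIL FROM fails while one that uses its own MAIL FROM passes. The domains, addresses and policy records are constructed, the `POLICIES` table stands in for DNS TXT lookups, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed policies (documentation address ranges), standing in for DNS TXT lookups.
POLICIES = {
    "sender.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.25 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_mail_from(client_ip, mail_from):
    """Evaluate the connecting IP against the policy of the MAIL FROM domain.

    Simplified: only the ip4, ip6 and all mechanisms are evaluated.
    """
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = POLICIES.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def scenarios():
    """The four cases from the discussion, evaluated at the recipient's MX."""
    return {
        # Sent from one of the IPs listed in the sender's policy.
        "direct": check_mail_from("192.0.2.5", "user@sender.example"),
        # Forwarder relays the mail but keeps the original MAIL FROM.
        "forward_keeps_mail_from": check_mail_from("198.51.100.25", "user@sender.example"),
        # Forwarder relays the mail under its own MAIL FROM.
        "forward_own_mail_from": check_mail_from("198.51.100.25", "relay@forwarder.example"),
        # Unrelated host forging the sender's domain.
        "forged": check_mail_from("203.0.113.77", "user@sender.example"),
    }
```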


