Re: [Asrg] misconception in SPF

Seth <sethb@panix.com> Sun, 09 December 2012 21:33 UTC

Return-Path: <sethb@panix.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F72721F8CEF for <asrg@ietfa.amsl.com>; Sun, 9 Dec 2012 13:33:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JbtIW0xaKBDU for <asrg@ietfa.amsl.com>; Sun, 9 Dec 2012 13:33:08 -0800 (PST)
Received: from mailbackend.panix.com (mailbackend.panix.com [166.84.1.89]) by ietfa.amsl.com (Postfix) with ESMTP id 9F30021F8CDB for <asrg@irtf.org>; Sun, 9 Dec 2012 13:33:08 -0800 (PST)
Received: from panix5.panix.com (panix5.panix.com [166.84.1.5]) by mailbackend.panix.com (Postfix) with ESMTP id EAF892E847 for <asrg@irtf.org>; Sun, 9 Dec 2012 16:33:07 -0500 (EST)
Received: by panix5.panix.com (Postfix, from userid 756) id D90C12429B; Sun, 9 Dec 2012 16:33:07 -0500 (EST)
From: Seth <sethb@panix.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
In-reply-to: <0D79787962F6AE4B84B2CC41FC957D0B20ACE6D0@ABN-EXCH1A.green.sophos> (message from Martijn Grooten on Sun, 9 Dec 2012 16:13:31 +0000)
References: <20121206212116.10328.qmail@joyce.lan> <50C1A95A.5000001@pscs.co.uk> <50C4A7F8.3010201@dcrocker.net>, <CAFdugamTbTirVV2zXKOmc9oTaCS+QiTemhT=jvYJnHYscHQK7g@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20ACE6D0@ABN-EXCH1A.green.sophos>
Message-Id: <20121209213307.D90C12429B@panix5.panix.com>
Date: Sun, 09 Dec 2012 16:33:07 -0500
Subject: Re: [Asrg] misconception in SPF
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Dec 2012 21:33:09 -0000

Martijn Grooten <martijn.grooten@virusbtn.com> wrote:

> A forged email using a subdomain for which no SPF record exists will
> pass the test checks against SPF fails, something which some
> spam-filters include, as it's a cheap way to get rid of a chunk of
> spam. Such a forged email will NOT "pass" SPF.

There is no way for the owner of the overlying domain (who also owns
the subdomain) to force such email to FAIL.  There should be a way to
specify "all valid email from this domain and subdomains comes only
from this set of IPs and no others" and SPF fails to provide one.
That's a weakness in the structure of SPF which ought to be fixed.

Seth