Re: [Asrg] whitelisting links (was Re: misconception in SPF)

Michael Thomas <mike@mtcc.com> Tue, 11 December 2012 15:08 UTC

Return-Path: <mike@mtcc.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 288EC21F8701 for <asrg@ietfa.amsl.com>; Tue, 11 Dec 2012 07:08:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=1.000, BAYES_00=-2.599, GB_I_LETTER=-2]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iqF2SMy6WFcv for <asrg@ietfa.amsl.com>; Tue, 11 Dec 2012 07:07:59 -0800 (PST)
Received: from mtcc.com (mtcc.com [IPv6:2001:5a8:4:9fe0:224:8cff:feaa:6d9b]) by ietfa.amsl.com (Postfix) with ESMTP id 6096021F84F3 for <asrg@irtf.org>; Tue, 11 Dec 2012 07:07:59 -0800 (PST)
Received: from takifugu.mtcc.com (takifugu.mtcc.com [50.0.18.224]) (authenticated bits=0) by mtcc.com (8.14.3/8.14.3) with ESMTP id qBBF7w7R006349 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Tue, 11 Dec 2012 07:07:58 -0800
Message-ID: <50C74C4E.9040507@mtcc.com>
Date: Tue, 11 Dec 2012 07:07:58 -0800
From: Michael Thomas <mike@mtcc.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.22) Gecko/20090605 Thunderbird/2.0.0.22 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
References: <0D79787962F6AE4B84B2CC41FC957D0B20ACFFE1@ABN-EXCH1A.green.sophos> <50C5A9A0.105@pscs.co.uk> <0D79787962F6AE4B84B2CC41FC957D0B20AD01B2@ABN-EXCH1A.green.sophos> <20121210145627.GA21217@gsp.org> <50C6121D.9040607@dcrocker.net> <50C617A2.8090602@pscs.co.uk> <0D79787962F6AE4B84B2CC41FC957D0B20AD5E36@ABN-EXCH1A.green.sophos> <50C644F6.3090901@pscs.co.uk> <0D79787962F6AE4B84B2CC41FC957D0B20AD737F@ABN-EXCH1A.green.sophos> <50C6BDB2.1010407@mustelids.ca> <20121211133727.GA8759@gsp.org> <50C7414C.3030203@mtcc.com> <50C748C7.3080104@jdmc.org>
In-Reply-To: <50C748C7.3080104@jdmc.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=1156; t=1355238478; x=1356102478; c=relaxed/simple; s=thundersaddle.kirkwood; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=mtcc.com; i=mike@mtcc.com; z=From:=20Michael=20Thomas=20<mike@mtcc.com> |Subject:=20Re=3A=20[Asrg]=20whitelisting=20links=20(was=20 Re=3A=20=20misconception=20in=20SPF) |Sender:=20 |To:=20Anti-Spam=20Research=20Group=20-=20IRTF=20<asrg@irtf .org> |Content-Type:=20text/plain=3B=20charset=3DISO-8859-1=3B=20 format=3Dflowed |Content-Transfer-Encoding:=207bit |MIME-Version:=201.0; bh=weY+2SLG6c/5jYZ5tnjw6vzGlebDv9grkHYe5BmN+Aw=; b=iJ1U8d5mfoWl9Y8iBpDESNLFwFW7Xgoh0Al4PJc2l+zP3tAmtJ8X6za+X9 p7G+mdAL37KDb/PfnEjKvfhwFYItLfV8ekyAihx7VD9vycZH04dX56EVO7hl YGFLh6goTyMM4IWybSkYJhZhoRE+x23brioZV3PTkM059Pp9Zg1k8=;
Authentication-Results: mtcc.com; v=0.1; dkim=pass header.i=mike@mtcc.com ( sig from mtcc.com/thundersaddle.kirkwood verified; ); dkim-asp=pass header.From=mike@mtcc.com
Subject: Re: [Asrg] whitelisting links (was Re: misconception in SPF)
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Dec 2012 15:08:00 -0000

On 12/11/2012 06:52 AM, John Johnson wrote:
> Michael Thomas wrote:
>
>> Anybody who thinks that using HTML or outsourcers are "worst
>> practices" is part of the problem, not part of the solution.
>    I highly disagree.  A local bank just hired an outside firm to
>    spam a "newsletter" to their customers in my area. It was quite
>    difficult to tell if it was legitimate, as the bank had published
>    SPF records, yet failed to provide the ip's of the outsourcers
>    servers. And then used the banks domain name as the source.

Simply being an outsourcer doesn't preclude having first party
dkim signatures.

>
>    This should not be acceptable behavior, especially for a financial
>    institution. It trains their customers to just accept anything
>    and everything, they should be setting the bar, not lowering it.
>

Customers aren't trained in anything to do with email headers of
any kind. What should and should not be acceptable behavior is
strictly between the sender's practices and the receiver's filtering.
If you want to complain, complain to the receiving MTA's. Legitimate
senders will adapt.

Mike