IETF Logo Mail Archive

Re: [spfbis] Local macros strike again, was Suggestion...

Commerco WebMaster <WebMaster@Commerco.Net> Mon, 23 January 2012 18:04 UTC

Return-Path: <WebMaster@Commerco.Net>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99E7F21F86EB for <spfbis@ietfa.amsl.com>; Mon, 23 Jan 2012 10:04:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.988
X-Spam-Level:
X-Spam-Status: No, score=-1.988 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, HELO_MISMATCH_NET=0.611]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H9ewPQEg--oC for <spfbis@ietfa.amsl.com>; Mon, 23 Jan 2012 10:04:04 -0800 (PST)
Received: from MS1.MailSys.Net (MS1.MailSys.Net [66.135.47.141]) by ietfa.amsl.com (Postfix) with ESMTP id 253BA21F86EF for <spfbis@ietf.org>; Mon, 23 Jan 2012 10:04:04 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=mailsys; d=Commerco.Net; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding:x-fromip:x-fromcountry; b=ZDr+7pzLNvG+TtJnoTBr6GTbVl7HGxeCwOv7oCgrR3nQXOCg0OYOz1I/r4pYH49EkheQglcTPRKjfOExfOF+W0fGD69Xg3bTWV46Rretyb6YO5mR/d99xOiDdg9cx3WX5g2uNndW2AQaUioLXY2iH9y9bRt7hLJvcfx04QlO5UQ=
Received: from [71.216.84.59] by MS1.MailSys.Net (ArGoSoft Mail Server .NET v.1.0.8.3) with ESMTP (EHLO [10.240.241.49]) for <spfbis@ietf.org>; Mon, 23 Jan 2012 18:04:02 +0000
Message-ID: <4F1DA10C.1030201@Commerco.Net>
Date: Mon, 23 Jan 2012 11:03:56 -0700
From: Commerco WebMaster <WebMaster@Commerco.Net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: spfbis@ietf.org
References: <F5833273385BB34F99288B3648C4F06F19C6C15673@EXCH-C2.corp.cloudmark.com> <F5833273385BB34F99288B3648C4F06F19C6C1569C@EXCH-C2.corp.cloudmark.com> <1590867.1quv5UxKKV@scott-latitude-e6320> <4EFCB88A.1080104@mail-abuse.org> <4EFE6F39.90000@isdg.net> <4F0358CC.6030505@mail-abuse.org> <4F03775B.4050905@isdg.net> <4F04E292.9030502@mail-abuse.org> <4F04FB1C.7070302@isdg.net> <4F060E74.2070103@cisco.com> <4F063F09.3030900@isdg.net> <4F06884D.2070509@mail-abuse.org> <4F082861.5080803@tana.it> <4F09269C.6090402@isdg.net> <4F0B0035.3050106@cisco.com> <4F0C9777.1090904@mail-abuse.org> <4F0C9E61.1010306@cisco.com> <4F0DD063.5090103@tana.it> <4F0E0A7E.1040905@isdg.net> <Pine.GSO.4.62.1201111726390.13909@spaz.oit.wmich.edu> <4F10BEED.7050207@mail-abuse.org> <4F10DD94.8040905@isdg.net> <4F1190BB.9080202@mail-abuse.org> <4F16A2FB.3070709@isdg.net> <F5833273385BB34F99288B3648C4F06F19C6C158E7@EXCH-C2.corp.cloudmark.com> <4F1BA4C2.9010705@isdg.net> <4F1D8848.4090206@cisco.com>
In-Reply-To: <4F1D8848.4090206@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-FromIP: 71.216.84.59
X-FromCountry: US
Subject: Re: [spfbis] Local macros strike again, was Suggestion...
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spfbis>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jan 2012 18:04:08 -0000

Perhaps it is also important to remember that SPF is not really an anti 
spam system per se, rather it is a standard which primarily confirms 
that a domain name has indeed been permitted by its holders to send 
messages from a defined set of MTAs.  Obviously, SPF does have some uses 
as regards reducing spam in situations where a bad guy may be hijacking 
a domain name for their spam and thus besmirching the reputation of the 
domain name in the eyes of the receivers of said spam.

So, if a spammer sends a message via a domain which they actually do 
hold (and thus can control DNS and consequentially create appropriate 
SPF or TXT records), their mail would certainly be legitimate from an 
SPF standpoint.  The value of SPF in this case is that the spammer 
cannot then go on to claim that they were not the originators of the 
mail, or that somehow their mail servers were hijacked by some unknown 
bad guy.

A positive SPF eval should always confirm that the sending domain name 
was permitted to send, by DNS configuration, a message via the MTA from 
which the message came.  Thus, all the intended valid email for a domain 
name should make it through to the receiving MTA, while additional MTA 
processing would be needed to address the spammier looking email which 
made it through, as it was before SPF ever existed.

Best,

Alan M.

On 1/23/2012 9:18 AM, Philip Gladstone wrote:
> There is significant value in distinguishing neutral from positive. This
> is when this signal is an input into an anti-spam system. A positive SPF
> eval will (typically) allow slightly spammier looking emails through,
> whereas a neutral would be slightly stricter.
>
> Philip
>
> On 1/22/2012 12:55 AM, Hector Santos wrote:
>> Hi Murray,
>>
>> I guess it all depends on how its written, but my only concern is that
>> no one should get bent out of shape about trying to implement a
>> "default rule" that would apply to all. I say that from the point of
>> view that REJECTION is a strong part of SPF and this best guess idea
>> can only serve a purpose for "reporting," at best, for one data point:
>>
>> The sender and receiver are part of the same network.
>>
>> If this was a fundamental concept for all, i.e. part of the spec, then
>> I can see the default "rule" applying for filters and IMO, we really
>> never would need SPF.
>>
>> But that is not an SMTP setup operational requirement, so I find no
>> value in this default rule other than getting some "interesting data
>> point" about the sender network setup. The Sender/Receiver is part of
>> the same network. So what? It means nothing, at least I don't see it
>> unless a NON-SPF logic is done to see if the MX is black listed or
>> doesn't exist.
>>
>> Per SMTP, an MX is not a requirement and we use a fall back to the A
>> record. If that fails, depending on the implementation it could be
>> filtered. i.e. many systems use a "NO MX/TRIED A record Once" concept
>> when sending mail.
>>
>> --
>>
>>
>> Murray S. Kucherawy wrote:
>>>> -----Original Message-----
>>>> From: spfbis-bounces@ietf.org [mailto:spfbis-bounces@ietf.org] On
>>>> Behalf Of Hector Santos
>>>> Sent: Wednesday, January 18, 2012 2:46 AM
>>>> To: spfbis@ietf.org
>>>> Subject: Re: [spfbis] Local macros strike again, was Suggestion...
>>>>
>>>>> AFAIK, t-online.de never published SPF records. Some implementers
>>>>> leveraged SPF built-in functions to make "best guesses" about domains
>>>>> lacking SPF records. This tactic is found in many SPF implementations
>>>>> as it will be for years.
>>>> Who?
>>>>
>>>> This must be completed isolated.
>>>
>>> It's not. A Google search for "best guess SPF" comes up with
>>> numerous records, and I've seen it referenced in white papers. And I
>>> know for a fact that Gmail uses it.
>>>
>>> The best definition I've seen is here:
>>> http://www.openspf.net/FAQ/Best_guess_record
>>>
>>> I think part of the -bis effort should include an appendix that talks
>>> about this, albeit informatively, just so that a real consensus
>>> definition exists someplace.
>>>
>>> -MSK
>>> _______________________________________________
>>> spfbis mailing list
>>> spfbis@ietf.org
>>> https://www.ietf.org/mailman/listinfo/spfbis
>>>
>>>
>>
>

v2.23.0 | Report a Bug | By Email