IETF Logo Mail Archive

Re: [spfbis] Local macros strike again, was Suggestion...

Philip Gladstone <pgladstone@cisco.com> Mon, 23 January 2012 16:18 UTC

Return-Path: <pgladstone@cisco.com>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D20E21F84A6 for <spfbis@ietfa.amsl.com>; Mon, 23 Jan 2012 08:18:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.999
X-Spam-Level:
X-Spam-Status: No, score=-5.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_12=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id epezkchG1C2x for <spfbis@ietfa.amsl.com>; Mon, 23 Jan 2012 08:18:18 -0800 (PST)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id A7CA221F84A5 for <spfbis@ietf.org>; Mon, 23 Jan 2012 08:18:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=pgladstone@cisco.com; l=3002; q=dns/txt; s=iport; t=1327335498; x=1328545098; h=message-id:date:from:mime-version:to:subject:references: in-reply-to:content-transfer-encoding; bh=tst9L+6du16OBP3uKHLHN+ex+eVLjWutx9mFqxy0/JU=; b=BmpKzoqTMH2Qi6dFl44R7lODSP+pD67S4UZ6Y1rHRGa6bvwgPprkNNUr BAp7yT+yDDETr0cG6XeNs83fJ9n1U2JCYPQ8FJ1jHew0TgFW2yJidsBBh MOPjsSJUwotRkLEsf4umkfxBj0LiR3GjeIw8nyjJdpw84XaMFza04BP+w o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAMCHHU+tJXG9/2dsb2JhbABAA4UJqR+BBYFyAQEBBAEBAQ8BEBU2Cg0CAgsRBAEBAQICBRYIAwICCQMCAQIBCQwfCQgTBgIBAR6HYpohAYxjkR4EgSuHVgWCBoEWBIg7jF6FVo0W
X-IronPort-AV: E=Sophos;i="4.71,556,1320624000"; d="scan'208";a="53173877"
Received: from rcdn-core2-2.cisco.com ([173.37.113.189]) by rcdn-iport-8.cisco.com with ESMTP; 23 Jan 2012 16:18:18 +0000
Received: from [10.117.107.26] (rtp-pgladsto-8919.cisco.com [10.117.107.26]) by rcdn-core2-2.cisco.com (8.14.3/8.14.3) with ESMTP id q0NGIGqV031874 for <spfbis@ietf.org>; Mon, 23 Jan 2012 16:18:17 GMT
Message-ID: <4F1D8848.4090206@cisco.com>
Date: Mon, 23 Jan 2012 11:18:16 -0500
From: Philip Gladstone <pgladstone@cisco.com>
Organization: Cisco Systems, Inc
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: spfbis@ietf.org
References: <F5833273385BB34F99288B3648C4F06F19C6C15673@EXCH-C2.corp.cloudmark.com> <4EF8F336.8080508@gathman.org> <F5833273385BB34F99288B3648C4F06F19C6C1569C@EXCH-C2.corp.cloudmark.com> <1590867.1quv5UxKKV@scott-latitude-e6320> <4EFCB88A.1080104@mail-abuse.org> <4EFE6F39.90000@isdg.net> <4F0358CC.6030505@mail-abuse.org> <4F03775B.4050905@isdg.net> <4F04E292.9030502@mail-abuse.org> <4F04FB1C.7070302@isdg.net> <4F060E74.2070103@cisco.com> <4F063F09.3030900@isdg.net> <4F06884D.2070509@mail-abuse.org> <4F082861.5080803@tana.it> <4F09269C.6090402@isdg.net> <4F0B0035.3050106@cisco.com> <4F0C9777.1090904@mail-abuse.org> <4F0C9E61.1010306@cisco.com> <4F0DD063.5090103@tana.it> <4F0E0A7E.1040905@isdg.net> <Pine.GSO.4.62.1201111726390.13909@spaz.oit.wmich.edu> <4F10BEED.7050207@mail-abuse.org> <4F10DD94.8040905@isdg.net> <4F1190BB.9080202@mail-abuse.org> <4F16A2FB.3070709@isdg.net> <F5833273385BB34F99288B3648C4F06F19C6C158E7@EXCH-C2.corp.cloudmark.com> <4F1BA4C2.9010705@isdg.net>
In-Reply-To: <4F1BA4C2.9010705@isdg.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [spfbis] Local macros strike again, was Suggestion...
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spfbis>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jan 2012 16:18:19 -0000

There is significant value in distinguishing neutral from positive. This 
is when this signal is an input into an anti-spam system. A positive SPF 
eval will (typically) allow slightly spammier looking emails through, 
whereas a neutral would be slightly stricter.

Philip

On 1/22/2012 12:55 AM, Hector Santos wrote:
> Hi Murray,
>
> I guess it all depends on how its written, but my only concern is that
> no one should get bent out of shape about trying to implement a
> "default rule" that would apply to all. I say that from the point of
> view that REJECTION is a strong part of SPF and this best guess idea
> can only serve a purpose for "reporting," at best, for one data point:
>
>     The sender and receiver are part of the same network.
>
> If this was a fundamental concept for all, i.e. part of the spec, then
> I can see the default "rule" applying for filters and IMO, we really
> never would need SPF.
>
> But that is not an SMTP setup operational requirement, so I find no
> value in this default rule other than getting some "interesting data
> point" about the sender network setup.  The Sender/Receiver is part of
> the same network. So what?  It means nothing, at least I don't see it
> unless a NON-SPF logic is done to see if the MX is black listed or
> doesn't exist.
>
> Per SMTP, an MX is not a requirement and we use a fall back to the A
> record.  If that fails, depending on the implementation it could be
> filtered. i.e. many systems use a "NO MX/TRIED A record Once" concept
> when sending mail.
>
> --
>
>
> Murray S. Kucherawy wrote:
>>> -----Original Message-----
>>> From: spfbis-bounces@ietf.org [mailto:spfbis-bounces@ietf.org] On
>>> Behalf Of Hector Santos
>>> Sent: Wednesday, January 18, 2012 2:46 AM
>>> To: spfbis@ietf.org
>>> Subject: Re: [spfbis] Local macros strike again, was Suggestion...
>>>
>>>> AFAIK, t-online.de never published SPF records.  Some implementers
>>>> leveraged SPF built-in functions to make "best guesses" about domains
>>>> lacking SPF records.  This tactic is found in many SPF implementations
>>>> as it will be for years.
>>> Who?
>>>
>>> This must be completed isolated.
>>
>> It's not.  A Google search for "best guess SPF" comes up with
>> numerous records, and I've seen it referenced in white papers.  And I
>> know for a fact that Gmail uses it.
>>
>> The best definition I've seen is here:
>> http://www.openspf.net/FAQ/Best_guess_record
>>
>> I think part of the -bis effort should include an appendix that talks
>> about this, albeit informatively, just so that a real consensus
>> definition exists someplace.
>>
>> -MSK
>> _______________________________________________
>> spfbis mailing list
>> spfbis@ietf.org
>> https://www.ietf.org/mailman/listinfo/spfbis
>>
>>
>

-- 
Philip Gladstone
Distinguished Engineer
Product Development
pgladstone@cisco.com
Phone: +1 978-ZEN-TOAD (+1 978 936 8623)
Google: +1 978 800 1010
Ham radio: N1DQ

v2.23.0 | Report a Bug | By Email