IETF Logo Mail Archive

Re: [spfbis] A standards track document defining SPF

Andrew Sullivan <ajs@anvilwalrusden.com> Thu, 19 July 2012 14:01 UTC

Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA38121F869E for <spfbis@ietfa.amsl.com>; Thu, 19 Jul 2012 07:01:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.369
X-Spam-Level:
X-Spam-Status: No, score=-1.369 tagged_above=-999 required=5 tests=[AWL=-0.529, BAYES_00=-2.599, HELO_MISMATCH_INFO=1.448, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SkKt3qoJNdHP for <spfbis@ietfa.amsl.com>; Thu, 19 Jul 2012 07:01:49 -0700 (PDT)
Received: from mx1.yitter.info (ow5p.x.rootbsd.net [208.79.81.114]) by ietfa.amsl.com (Postfix) with ESMTP id 4471721F869D for <spfbis@ietf.org>; Thu, 19 Jul 2012 07:01:49 -0700 (PDT)
Received: from mail.yitter.info (69-196-144-227.dsl.teksavvy.com [69.196.144.227]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.yitter.info (Postfix) with ESMTPSA id E51E08A031 for <spfbis@ietf.org>; Thu, 19 Jul 2012 14:02:41 +0000 (UTC)
Date: Thu, 19 Jul 2012 10:02:39 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: spfbis@ietf.org
Message-ID: <20120719140239.GB2193@mail.yitter.info>
References: <6.2.5.6.2.20120718130921.0a394300@elandsys.com> <5007322E.9080009@Commerco.Net> <CAL0qLwapgmaNbQx+zb8gMNBVOtKiFzWxDUoRYqsua+tzFrRRLQ@mail.gmail.com> <50077D2B.4020805@Commerco.Net> <500784A5.9010907@isdg.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <500784A5.9010907@isdg.net>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [spfbis] A standards track document defining SPF
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spfbis>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jul 2012 14:01:49 -0000

No hat.

On Wed, Jul 18, 2012 at 11:53:09PM -0400, Hector Santos wrote:

> First, more and more SMTP servers are already requiring a PTR for
> the connecting client, so this result will already be in server's
> DNS resolver cache by the time SPF is checked and processed.

Whoa. 

Some time ago, DNSOP failed to reach consensus on a draft, which died
as draft-ietf-dnsop-reverse-mapping-considerations-06.  There were
plenty of things wrong with that draft (not least of which was the way
it became a soggy blancmange in an attempt to address everyone's
objections), but one distinction it made that is useful is between
_existing_ reverse mapping data and _matching_ reverse mapping data.

In my experience, most SMTP servers that are checking for a reverse
mapping are in fact checking that there is a reverse mapping entry at
all.  They are checking for existing reverse data.

Many spam-scoring systems also check for match, but a
forward-reverse match is _much_ harder to ensure, and that can lead to
a high false positive rate.

The ptr mechansim in 4408 checks for matching reverse data.  This is
both a higher bar to leap, and more expensive to process, than a mere
existence check.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com

v2.23.0 | Report a Bug | By Email