
Re: @debian.org email forwarding and SPF

>>>>> "Andrew" == Andrew Suffield <asuffield@debian.org> writes:

    Andrew> - invalid sender addresses
    Andrew> - valid sender addresses from domains without SPF enabled

    Andrew> SPF can't stop spam because spammers can trivially evade its
    Andrew> effects. You seem to be assuming that spammers are incapable of
    Andrew> changing their behaviour to respond to things like this.

This is partially correct, but not entirely.  If you receive a mail from a
non-existent domain, you can very safely ignore the mail altogether.  So the
first evasion scheme is not of any use.  The second is somewhat useful for
a certain period of time, until most sites enable SPF.  By then one can ignore
such mails with somewhat high confidence as well (well... in SpamAssassin's
terminology, give a high score to a mail just because it comes from
somewhere without an SPF record), and rely on white-listing or something
similar to avoid losing important mails.  So I think if there is some way to
help start the ball rolling and turn most servers of the world to support
SPF, it would really be useful.  The benefit in avoiding being joe-jobbed
would tend to move sites, especially those with high mail volume, towards
SPF.  But will SPF be so successful as to make the second type of evasion
useless as well?  God knows.  Spammers probably hope that it won't, and I
think we probably should advocate it so that it tends to break that hope.

    Andrew> Worms can do even worse. They can harvest outlook settings from
    Andrew> the local box and use them to send SPF-authenticated spam or
    Andrew> worms.

This is definitely true.  (I call them viruses rather than worms, since they
require user actions to propagate, unlike normal worms which would seek
security holes and propagate by themselves.)  On the other hand, SPF has no
promise to solve the virus problem.  Unluckily, the virus problem is *very*
difficult to solve, short of educating users; and Joe users---the majority
of users---are *very* difficult to educate.  And even more unluckily, while
the other big OS vendor is really starting to do something about preventing
Joe users from compromising their OS so easily, they are also starting to be
very effective in stopping illegal copying, meaning that probably most of the
netizens (who get their copy by illegal means) will continue to use the
version with no protection at all.

