
Re: Which Spam Block List to use for a network?

On Thu, 24 Jun 2004 09:19:41 -0400, Mark Bucciarelli
<mark@easymailings.com> wrote:
> Q: Do all hotmail accounts have Caller-ID records?

(Sorry about the broken replying in my last message)

It's not about hotmail *accounts*, it's whether hotmail.com has
published SPF/Caller-ID records or not.  I can't check from where I am
now, but try:

# host -t MX hotmail.com

Also, try:

# host -t MX gmail.com

The last time I checked, hotmail didn't have any TXT records anymore,
neither Caller-ID nor SPF. I am almost sure it had published Caller-ID
records before.
On the other hand, Gmail has a "-all" SPF record, which is nice for us
mail admins, who could block fake @gmail.com - like those @yahoo,
@msn, @hotmail that come all the time. They are usually blocked by
some other methods, but some pass.

I disagree with Craig Sanders. I understand that "their users have
legitimate needs to send mail using their address from any arbitrary location,
which is exactly what SPF works to prevent.", but that's why there is
"~all" and other partial, graylisting options. And the *hope* is mail
servers that don't use SASL authentication to do so.

I think SPF can help a lot, because phishing and spamming are very
related. One can be fooled into reading a mail from
"his-real-friend-mail@hotmail.com" just because he thinks it is
legitimate. This happens all the time. (it could be hotmail.com or any
other domain)

Btw, a very important feature I use in some implementations is that
the mail server will not accept mail from its own domains if the user
is not authenticated, even if the final destination is a valid user.
I've noticed a lot of spam comes with a MAIL FROM (or From, I'm not
sure) faked to the 'domain.tld' part of the smtp server greeting. This
seems to work for me in most scenarios (all my users already have to
authenticate using SASL, anyway). What are your thoughts?

A small contribution:
For those who are still in doubt, the idea of SPF is: one can only
send mails with a @gmail.com sender address from those servers
specified by SPF records in the gmail.com TXT domain record.

If you want to send e-mail from somewhere else, you must ideally
authenticate to gmail's SMTP server (SASL is the keyword here). If you
send e-mail from somewhere else, my server will block you, since it
has an SPF checker (postfix's spf policyd).

This has been a very informative discussion. Thanks!

Yves Junqueira
