[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Which Spam Block List to use for a network?

On Thu, Jun 24, 2004 at 08:46:20AM -0400, Mark Bucciarelli wrote:
> On Thursday 24 June 2004 08:17, Kilian Krause wrote:
> > Hi Mark,
> >
> > Am Do, den 24.06.2004 schrieb Mark Bucciarelli um 14:06:
> > > I'm pretty sure this is incorrect.  SPF checks the MAIL-FROM: header,
> > > not From:, so I think this case should work fine ...
> >
> > so you mean this will also cut down the secondary spam through mailinglists
> > (which have a proper SPF most probably). 
> No.  I meant that I send my domain mail through my ISP's SMTP server and I
> can setup my domain's DNS txt record so this works with SPF.

yes.  SPF is useful for small domains, including small businesses, SOHO, and
vanity domains.  it's also useful for corporations that have mail gateways
through which ALL of their outbound mail is supposed to pass.

it's not much use in any other circumstance.

e.g. i have SPF records in my home domains.  it is appropriate to have them
there because i *KNOW* with absolute 100% certainty which hosts are allowed to
send mail claiming to be from those domains.  i also have them because the cost
of having them is negligible (a few minutes of time to create them) even if
there aren't many mail servers which actually check them (hopefully that will
change in future) - in other words, they're not much use at the moment but it
didn't cost me much to publish the SPF TXT records.

i don't have SPF records in any of the thousands of domains on my name-server
at work (an ISP) because i do not and can not know which hosts should be
allowed to send mail claiming to be from these domains.

> [BTW, debian.org does not have an SPF entry.]

nor should it.  there are over a thousand @debian.org addresses, belonging to
over a thousand people, all of whom use their own internet connections to send
mail.  it would be impossible to specify all the hosts allowed to send mail
claiming to be from @debian.org.

as mentioned before, SPF is only useful where the owner of a domain can define
exactly which hosts are allowed to send mail claiming to be from that domain.
as you correctly deduced earlier (but incorrectly dismissed), it IS a very
small percentage of domains which can do this.

for every domain that can have SPF records, there are tens of thousands that
can't...and for every domain that actually does have them, there are millions
that don't.  that will always be the case.  SPF is not useful as a generic
anti-spam/anti-virus tool.  it is a specifically focused anti-forgery tool with
a very limited and small set of domains where it can be used.

sorry to burst your bubble, but wishful thinking won't make it any different.


ps: more on SPF records for debian.org......it's a good idea to think about the
consequences of any action *BEFORE* doing it.  jumping on the bandwagon just
because it's fashionable or because it's all shiny and new is stupid.

craig sanders <cas@taz.net.au>

The next time you vote, remember that "Regime change begins at home"

Reply to: