Re: spf record

To: debian-isp@lists.debian.org
Subject: Re: spf record
From: Craig Sanders <cas@taz.net.au>
Date: Tue, 31 Jan 2006 19:52:09 +1100
Message-id: <[🔎] 20060131085209.GB3803@taz.net.au>
In-reply-to: <[🔎] 20060121135807.GB14124@www.lobefin.net>
References: <[🔎] 43D0F355.5050503@rcrcomputing.com> <[🔎] 6640D448BFB97BD51DB8591A@dhcp-2-206.wgops.com> <[🔎] 43D10A66.3020502@goirand.fr> <[🔎] 20060120200106.GD549@verkkotelakka.net> <[🔎] 43D14814.5010207@emenaker.com> <[🔎] 20060120234030.GE549@verkkotelakka.net> <[🔎] 43D1867D.3070409@emenaker.com> <[🔎] 20060121135807.GB14124@www.lobefin.net>

On Sat, Jan 21, 2006 at 01:58:07PM +0000, Stephen Gran wrote:
> This is simply not true in the wider world of email. There are many
> legitimate mail servers out there that haven't upgraded to using EHLO.
> There are many people running software like qmail or exchange that
> can't do recipient verification at smtp time, and produce huge volumes
> of backscatter. If mail admins can't be bothered to do these most
> basic of things, what makes you htink the entire world is going to
> switch to using one of many competing ideas about sender verification?

the same reason they were forced to get off their lazy butts and
close their open relays - they (or their boss) want their mail to get
delivered. open relays run by lazy admins were once a huge problem,
probably the greatest single spam problem. RBLs fixed that. now open
relays are almost non-existent.

eventually, SPF will be in widespread enough use that lazy admins will
have to implemewnt SPF records if they want their mail to be accepted.

that probably wont be for several years yet, but it will eventually
happen.

> Not to mention that of course spf has major implementation problems
> (forwarded email being the main one, but there are others). It
> also is a plan that necessitates every mail admin working in
> concert to make it useful, which makes it a pipe dream. And
> finally, even if every one did it, it still won't stop spam
> (see below). You can see most of these arguments said better at
> http://david.woodhou.se/why-not-spf.html

restrictive SPF records aren't appropriate for most ISP domains. it's
really only useful for domains that handle mail for a single "entity" -
private individuals, businesses, corporations (i wish more banks woul;d
use it), etc - that have a smallish set of known mail servers.

the arguments against SPF are all based on the assumption that the
average generic ISP would or should publish very restrictive SPF records
- which would be foolish.

SPF is a very limited tool. it does one little job (preventing forgery)
reasonably well. the problem is that lots of people think it does other
jobs (spam blocking) too and get annoyed when they realise it doesnt and
was never intended to.

in other words: be pleased that your screwdriver is great at tightening
screws and dont worry about the irrelevant fact that it makes a lousy
hammer.

> Well, since these appear to be the largest and fastest growing source
> of spam, that about kills spf off as a solution.

SPF IS *NOT* AND NEVER WAS AN ANTI-SPAM TECHNOLOGY.

judge it for what it is, not for what it isnt (and was never intended to be)

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)

Reply to:

References:
- spf record
  - From: Rodney Richison <rodney@rcrcomputing.com>
- Re: spf record
  - From: Michael Loftis <mloftis@modwest.com>
- Re: spf record
  - From: Thomas Goirand <thomas@goirand.fr>
- Re: spf record
  - From: Juha-Matti Tapio <jmtapio@verkkotelakka.net>
- Re: spf record
  - From: Joe Emenaker <joe@emenaker.com>
- Re: spf record
  - From: Juha-Matti Tapio <jmtapio@verkkotelakka.net>
- Re: spf record
  - From: Joe Emenaker <joe@emenaker.com>
- Re: spf record
  - From: Stephen Gran <sgran@debian.org>

Prev by Date: Re: spf record
Next by Date: Re: Exim not accepting undescore in server name?
Previous by thread: Re: spf record
Next by thread: Re: spf record
Index(es):
- Date
- Thread