Re: DNS y registro SPF en debian 6

To: debian-user-spanish@lists.debian.org
Subject: Re: DNS y registro SPF en debian 6
From: Camaleón <noelamac@gmail.com>
Date: Tue, 14 May 2013 17:38:15 +0000 (UTC)
Message-id: <[🔎] kmtsq7$ctp$13@ger.gmane.org>
Reply-to: "A MI NO, ENVIA A LA LISTA" <noelamac+A_MI_NO_ENVIA_A_LA_LISTA@gmail.com>
References: <[🔎] ba162b17cde0c289fd0ae3084fd0fee8@ida.cu>

El Tue, 14 May 2013 13:09:50 -0400, luis escribió:

> Hola a todos, una duda y no se cual variante seleccionar, ,la mejor, la
> que se más seguridad en los correos para evitar el span.

¿Aún no te funciona el servidor de correo y ya estás pensando en SPF? 
Caray :-O

Y por cierto, los registros SPF no sirven exclusivamente para evitar el 
spam sino más bien para comprobar que el remitente es quien dice ser y 
eso no tiene por qué ser considerado "necesariamente" spam. Para luchar 
contra el spam mejor usa un filtro como SpamAssassin o listas grises.

> Para mi la 2 pero quisiera la opinión de ustedes y que me recomiendan.
> 
> variante 1.
> ---------------------------------
> v=spf1 a mx ip4:200.55.141.3 ~all
> 
> ---> si autoriza explicitamente el envio de mail desde servidores no no
> declarados en el servicio SPF
> 
> 
> Variante 2
> ---------------------------------
> v=spf1 a mx ip4:200.55.141.3 -all
> 
> ---> no autoriza explicitamente el envio de mail desde servidores no no
> declarados en el servicio SPF
> 
> 
> alguien puede alcararme ??

Wikipedia explica los calificadores:

***
Qualifiers

Each mechanism can be combined with one of four qualifiers:

+ for a PASS result. This can be omitted; e.g., +mx is the same as mx.
? for a NEUTRAL result interpreted like NONE (no policy).
~ (tilde) for SOFTFAIL, a debugging aid between NEUTRAL and FAIL. 
Typically, messages that return a SOFTFAIL are accepted but tagged.
- (minus) for FAIL, the mail should be rejected (see below).

(...)

Interpretation

SPF FAIL policies can be an effective but problematic tool. A typical 
example is a user that wishes to send an email from a private PC or a 
mobile phone: the user uses his corporate email address but may use a 
different outgoing SMTP server which is not listed in the SPF record. The 
corporate domain may therefore be secure by blocking all email that does 
not originate from themselves, but have thereby limited some of their own 
users. Many organizations consider this compromise acceptable and even 
desirable.

SPF PASS is useful for authenticating the domain for use as a parameter 
to a spam classification engine. That is, the domain in the sender 
address can be considered to be authentic if the originating IP yields an 
SPF PASS. The domain can then be referenced against a reputation database.

SPF results other than PASS (used in combination with a reputation 
system) and FAIL cannot be meaningfully mapped to PASS and FAIL. However, 
a reputation system can easily track independent reputations for each SPF 
result, i.e. example.com:PASS and example.com:NEUTRAL would have 
different reputations, and ditto for the other results. This approach is 
useful even without whitelisting plain forwarders, since the FAIL results 
from the plain forwarders simply accrue an independent reputation.

The meaning of PASS, SOFTFAIL, FAIL is sometimes incorrectly interpreted 
to mean "not-spam", "maybe-spam", "spam" respectively. However SPF does 
nothing of the sort. SPF merely offers an organization firstly the means 
to classify emails based on their domain name instead of their IP address 
(SPF PASS); and secondly, the means to block unauthorized use of their 
domain (SPF FAIL).
***

Yo empezaría con el más suave "~" mientras haces las pruebas.

Saludos,

-- 
Camaleón

Reply to:

Follow-Ups:
- Re: DNS y registro SPF en debian 6
  - From: luis@ida.cu

References:
- DNS y registro SPF en debian 6
  - From: luis@ida.cu

Prev by Date: Re: Postfix sobre squeezy. Pasitos de bebé.
Next by Date: Re: DNS y registro SPF en debian 6
Previous by thread: DNS y registro SPF en debian 6
Next by thread: Re: DNS y registro SPF en debian 6
Index(es):
- Date
- Thread