Re: VGER does gradual SPF activation (FAQ matter)

Hi,

On Sat, Jun 10, 2006 at 10:26:19PM -0700, jdow wrote:

No sir. FAIL and SOFT_FAIL prove nothing. PASS proves remarkably
little. SPF is not a good criterion for much of anything.

I think kernel.org is a great site to be an early adopter because:
- the mail it transports isn't critical
- it interacts with a very large number of mail sites
- it's customers are reasonably technology-savvy.

It would be a good site to adopt it outgoing. But adopting it as an
incoming message filter is silly.

So by your definition, this method is useful only on outgoing emails
but never on incoming ones. I fail to see how it might be useful
outgoing if nobody checks incoming emails...

(No, SPF doesn't stop spam, but it can increase accountability so that
white/black lists can begin to be more usable).

It does not even do that conclusively. Many of us wish it did. But if
a spammer can post his own spf records he can claim what he wants
about email sources. DNS cache poisoning attacks assure that this can
take place even for sites you might control.

I think that *nobody* can tell whether the result will have positive
or negative effect. This list is populated by technical people who
will be able to participate to the test. A first approach would be
to add a header to the incoming emails telling how they have been
classified, so that people know if their config could lead them to
being blocked in the future. If, after a long test period, we notice
that it causes lots of false positives and that spams still don't
get detected, it may be time to give up on this method. Conversely,
if it turns out that only spam gets detected and that we have no
false positives, why not go one step further then ?

{^_^} Joanne Dow said that. Seriously, I recommend a pass through the
old SpamAssassin users mailing list for past discussions. An
SPF_HELO_SOFTFAIL is the only thing given a sizeable score.

Regards,
Willy

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Relevant Pages

  • Re: SPF and forwarding to Google Mail
    ... I have now set it to forward all incoming mail for me ... Excerpt from the header of an incoming ... As you can see, Gmail does an SPF check, but it does not work ... Hopefully Google and everyone else who has a bit of sense will continue to ...
    (comp.mail.misc)
  • Re: Dial up components
    ... And it does not make sense to send you the lists of components of my builds that support RAS (too big ... >>> I found the problem that I can't dial up and receive incoming calls on ... >>> The external USB modem was installed successfully. ...
    (microsoft.public.windowsxp.embedded)
  • Re: OT: Managing huge Mail/ folders (with mutt?)
    ... Incoming from S.D.A.: ... >> and more high volume lists. ... >> So could anyone tell me how they handle ever growing Mail ... You're duplicating lists.debian.org. ...
    (Debian-User)
  • Re: Dissappeared e-mails
    ... as incoming from the news. ... Is there any check for correct functionality of e-mail delivery? ... I read messages from the public lists. ...
    (Fedora)
  • Re: Blocking Forged Mail
    ... On 09 May 2008 in comp.mail.sendmail, Grant Taylor wrote: ... Is there a good tutorial somewhere on implementing SPF for incoming? ... Joe Makowiec ...
    (comp.mail.sendmail)
Loading