[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

[LUG] SPF was Re: Linux - viruses etc

To: list@xxxxxxxxxxxxx
Subject: [LUG] SPF was Re: Linux - viruses etc
From: Simon Waters <simon@xxxxxxxxxxxxxx>
Date: Thu, 07 Feb 2013 04:54:56 +0000
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Openpgp: id=8F455606

On 06/02/13 22:50, Kelly Jones wrote:
>
> Anyone using SPF 

Not I.

Almost no one rejects on SPF hard fail because it gives too many false
positives.

Judging from mail logs on boxes that forward email without SRS, only the
occasional corporate mail admin with little experience of running email
servers block SPF fail outright (is it enabled by default in Exchange or
something?), they usually get it knocked out of them when people
complain their email isn't arriving.

SPF information was fed into the scoring for spam filtering when I was
doing that.

The issue of course is that SPF is only slightly broken for
authenticating message origin (fails on forwarding), but easily bypassed
for stopping spam.

During the early adoption phase of SPF there was one point where
spammers were adopting SPF faster than non-spammers (presumably one of
the big email providers - probably Hotmail - was letting SPF approved
email through too readily), and here lies the problem with it as an
anti-spam measure.

Most of the unsolicited email that gets through my filters now is from
SPF approved, or SPF soft fail sites. Although that may be in part that
SPF hard fail is a clue used by those building RBLs that a sender is a
spammer.

The bigger meta problem with SPF, DKIM etc, is that it doesn't
authenticate the sender, only the sending domain. The problem of
authenticating the sender was already solved (twice over) when they were
introduced - OpenPGP and S/MIME.

To SOLVE the perceived spam problem you need to authenticate the sender,
AND maintain a list of authenticated senders you want to receive
messages from. For most people this throws the baby out with the bath
water, as they actually want to receive email from senders they haven't
white listed yet. Any system that allows this later step, messages from
unknown senders, will likely allow spam at some level.

In practice even modest barriers before accepting a message deter most
spam. Which is why most people get more email spam than postal spam.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] SPF was Re: Linux - viruses etc
- From: Gordon Henderson
Follow-up: Re: [LUG] SPF what is it ?
- From: paul sutton
Follow-up: Re: [LUG] SPF was Re: Linux - viruses etc
- From: Kai Hendry

References:
- [LUG] Linux - viruses etc
  - From: Neil Winchurst
- Re: [LUG] Linux - viruses etc
  - From: raymond.knowles@xxxxxxxxxxxxx
- Re: [LUG] Linux - viruses etc
  - From: Simon Avery
- Re: [LUG] Linux - viruses etc
  - From: Gordon Henderson
- Re: [LUG] Linux - viruses etc
  - From: Simon Avery
- Re: [LUG] Linux - viruses etc
  - From: Kelly Jones

Prev by Date: Re: [LUG] An observation on wordpress and scripted attacks
Next by Date: Re: [LUG] An observation on wordpress and scripted attacks
Previous by thread: Re: [LUG] Linux - viruses etc
Next by thread: Re: [LUG] SPF was Re: Linux - viruses etc
Index(es):
- Date
- Thread