Re: SPF Solving Invalid Bounces

I thought about the statement below a lot because it seemed correct at first that pushing valid emails to all the gateways would solve the issue. However, the more I thought about it, invalid bounces are a big problem and SPF is a reasonable solution to start cutting down on them. Large batches of outbound false emails that don't match SPF or get repeated bounces should trigger a shutdown of a client's outbound mailing ability, especially as worms/virii that forge headers become the norm.

Further, there was a time, not too long ago, when accepting all emails was the "correct" thing to do for the security conscious, and I think that time will come back, especially if things such as silent discards become more accepted. In other words, having a valid list of users is not always feasible or secure, and does not always allow for queuing during outages/netsplits. I also predict that the minute systems that turn away bad emails at the gateway become ubiquitous, attacks to harvest and obtain those lists will become commonplace again and dictionary attacks will become less common.

SPF is very good in one respect: it is only based on text records. There are no hidden tactics and no harvesting issues that I can see. If implemented in a scoring manner (which is the only method I promote), it has a lot of benefits with very few downfalls.

OK, one downfall...

<doomsday prediction>

For my two cents, the biggest problem which I have witnessed on a very small scale and which has the potential to de-rail virtually any of these email "systems" is a Distributed AND Coordinated System that literally sends a minuscule # of spams (say ONE spam message per day per infected system). I call them DACs, and let's say they are sent from a legit user's email box, through the correct server, with SPF records, with a valid escrow account (if that system ever wins), no multiple recipients, with a valid MTA, all to valid accounts, etc.

Now multiply that by say 45 million infected boxes sending 1 email per day instead of 1 box sending 45 million emails per day.

Now consider doing the same thing to harvest good email addresses by looking for one bad or good email per day.

Now include address books which are compromised on the same systems and search mail (slowly) on the system and detect all outgoing email addresses for the last 6 months.

Now add the ability to remotely control the zombie system so it sends outbound and inbound data (perhaps over port 80 or something 99.9% of the people won't catch). And remember, we only trickle a little out at a time. Maybe 80 bytes a day.

Now remember that SPAM (unlike viruses, we hope) = Money = Business = People for Hire.

In short, if a virus/worm can get control, moderate the actions, spice up the differences they have, etc., they have a much greater potential to come under the radar for a lot longer. The last major worm/virii brought down an uber-distributed system like Google. Imagine if they had actually planned to do that and did it only after reaching a much larger critical mass.

Oh wait, I forgot SP2 will save us :-P

</doomsday prediction>

Regards,
KAM

> I agree that invalid bounces from forged addresses aren't really a blip
> on the scale of email problems. Also they can easily be solved using
> existing technology - just have every organization push their "valid
> user" list to the mail servers on their network boundary. Then the mail
> will be rejected at RCPT TO time, with no undeliverable message
> generated. (The ratware and spamware won't generate an undeliverable
> message when faced with a 550 No such user.)

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

