Re: [mailop] Effeciveness (or not) of SPF

On Wed, Dec 9, 2020 at 11:29 PM Thomas Walter via mailop wrote: > Hey Brandon, > > On 09.12.20 00:55, Brandon Long via mailop wrote: > > > > On Tue, Dec 8, 2020 at 1:31 AM Paul Smith via mailop > > wrote: > > If you're forwarding to your own company's mail server,

Re: [mailop] Effeciveness (or not) of SPF

On Thu, Dec 10, 2020 at 1:27 PM Liam Fisher via mailop wrote: > > SPF plays havoc with forwards unless the sender is rewriting their > envelope from addresses to a domain with SPF friendly to their > source. > Unless you do a good job of not forwarding your spam mail, we don't recommend

Re: [mailop] Effeciveness (or not) of SPF

-Original Message- >From: Thomas Walter via mailop >Sent: Dec 10, 2020 2:26 AM >To: mailop@mailop.org >Subject: Re: [mailop] Effeciveness (or not) of SPF > >Hey Brandon, > >On 09.12.20 00:55, Brandon Long via mailop wrote: >> >> On Tue, Dec 8, 2

Re: [mailop] Effeciveness (or not) of SPF

Hey Brandon, On 09.12.20 00:55, Brandon Long via mailop wrote: > > On Tue, Dec 8, 2020 at 1:31 AM Paul Smith via mailop > wrote: > If you're forwarding to your own company's mail server, then it should > be easy to have that forwarding work with SPF, and if

Re: [mailop] Effeciveness (or not) of SPF

On Tue, Dec 8, 2020 at 1:31 AM Paul Smith via mailop wrote: > On 07/12/2020 21:47, John Levine via mailop wrote: > > > >> Forwarders are one of the things that don't respond well to SPF. But > >> honestly, it's 2020 ... why are we forwarding mail to external services? > >> SRS might be a

Re: [mailop] Effeciveness (or not) of SPF

On Tue, Dec 8, 2020 at 2:44 AM Rich Kulawiec via mailop wrote: > SPF is just about entirely useless, which should surprise nobody. > This was obvious on inspection when it was announced. > > - It's no help with spam: almost without exception, every message that > hits my spamtraps passes SPF. >

Re: [mailop] Effeciveness (or not) of SPF

In article <8487930e-ef45-9354-e451-1e77ecccf...@fh-muenster.de> you write: >-=-=-=-=-=- >-=-=-=-=-=- > > > >On 07.12.20 22:47, John Levine via mailop wrote: >> People do use them as part of a scoring spam filter. But no sensible person >> uses SPF alone to do mail filtering. > >I also thought

Re: [mailop] Effeciveness (or not) of SPF

On 8 Dec 2020, at 10:38, Graeme Fowler via mailop wrote: > Grant said, paraphrased > If you decide otherwise, Rafa Apologies for the mixed use of forename and surname; that was absolutely not intentional. Thanks to those who pointed that out privately. Graeme (who needs to sleep for a long,

Re: [mailop] Effeciveness (or not) of SPF

On 12/8/20 1:02 AM, Hans-Martin Mosner via mailop wrote: > Am 07.12.20 um 23:51 schrieb Thomas Walter via mailop: >> >> I fully agree, but gmail is a bad example, because they actually support >> importing remote mailboxes with pop3 which does not require forwarding. >> We never tried that, but it

Re: [mailop] Effeciveness (or not) of SPF

On 12/8/20 2:10 AM, Thomas Walter via mailop wrote: So in that case you are against servers supporting SRS since it breaks your idea of how email should work? As a sender? Yes. As an email server operator that supports forwarding? No. - Yes, I have SRS configured and functional. Though I

Re: [mailop] Effeciveness (or not) of SPF

On Tue, Dec 08, 2020 at 10:58:22AM +, Paul Smith via mailop wrote: > "Typographically similar" is not "identical". Yes, many people will be > fooled by "typographically similar", but not everyone. SPF (and DKIM) allow > you to verify to some level of certainty that the sender is who they say >

Re: [mailop] Effeciveness (or not) of SPF

> 6. des. 2020 kl. 14:12 skrev Hans-Martin Mosner via mailop > : > > > In addition, manual checks against spam mails from hosts on spam-supporting > or indifferent network IP ranges shows that > spammers provide SPF records for their domains, of course, so properly > applied SPF is bound to

Re: [mailop] Effeciveness (or not) of SPF

On 08.12.20 11:58, Paul Smith via mailop wrote: > Verifying the sender is who they say they are is valuable, even if some > people are fooled by messages from "b...@micr0soft.com". For that it would help _a lot_ if mail clients didn't stop displaying the actual address of the sender. Yes, I am

Re: [mailop] Effeciveness (or not) of SPF

On 08/12/2020 09:22, Paul Smith via mailop wrote: Forwarding is still useful nowadays, but 'willy nilly' forwarding shouldn't be. Nowadays, there needs to be a way to limit forwarding to the forwarding you actually want to happen. The risk of spoofed mail can be catastrophic for a company, and

Re: [mailop] Effeciveness (or not) of SPF

> On 8 Dec 2020, at 10:58, Paul Smith via mailop wrote: > > On 08/12/2020 10:27, Rich Kulawiec via mailop wrote: >> - It's no help with phishing: thanks to ICANN, registrars, and >> the proliferation of TLDs, phishers have their choice of hundreds of >> millions of typographically similar

Re: [mailop] Effeciveness (or not) of SPF

On 08/12/2020 10:27, Rich Kulawiec via mailop wrote: - It's no help with phishing: thanks to ICANN, registrars, and the proliferation of TLDs, phishers have their choice of hundreds of millions of typographically similar domains. Or they can just use freemail providers and rely on the

Re: [mailop] Effeciveness (or not) of SPF

Dnia 8.12.2020 o godz. 10:38:04 Graeme Fowler via mailop pisze: > The domain "owner" has stated something via a lookup system that > practically anyone in the world can query. What we as receivers can't > intuit is whether the "-all" was intentional, whether they knew what it > meant, whether is

Re: [mailop] Effeciveness (or not) of SPF

On 8 Dec 2020, at 10:27, Jaroslaw Rafa via mailop wrote: > Dnia 7.12.2020 o godz. 18:02:08 Grant Taylor via mailop pisze: >> you send me email from an unapproved IP and you have asked me to >> reject unapproved emails via -all, them I'm going to reject your >> email flat out. After all, that's

Re: [mailop] Effeciveness (or not) of SPF

SPF is just about entirely useless, which should surprise nobody. This was obvious on inspection when it was announced. - It's no help with spam: almost without exception, every message that hits my spamtraps passes SPF. - It's no help with phishing: thanks to ICANN, registrars, and the

Re: [mailop] Effeciveness (or not) of SPF

Dnia 7.12.2020 o godz. 18:02:08 Grant Taylor via mailop pisze: > you send me email from an unapproved IP and you have asked me to > reject unapproved emails via -all, them I'm going to reject your > email flat out. After all, that's what /you/ as the domain owner / > administrator /asked/ me to

Re: [mailop] Effeciveness (or not) of SPF

On 07/12/2020 21:47, John Levine via mailop wrote: Forwarders are one of the things that don't respond well to SPF. But honestly, it's 2020 ... why are we forwarding mail to external services? SRS might be a bandaid for this, but isn't the easiest solution to just tell people that forwarding

Re: [mailop] Effeciveness (or not) of SPF

On 08.12.20 02:02, Grant Taylor via mailop wrote: > Obviously I disagree.  Thankfully SPF w/ -all allows second order > receivers to know that I have not authorized the first order receiver to > re-send email on behalf of my domain name. So in that case you are against servers supporting SRS

Re: [mailop] Effeciveness (or not) of SPF

On Mon, Dec 07, 2020 at 03:21:45PM -0600, Scott Mutter via mailop wrote: > Forwarders are one of the things that don't respond well to SPF.  But > honestly, > it's 2020 ... why are we forwarding mail to external services?  SRS might be a > bandaid for this, but isn't the easiest solution to just

Re: [mailop] Effeciveness (or not) of SPF

Am 07.12.20 um 23:51 schrieb Thomas Walter via mailop: > > I fully agree, but gmail is a bad example, because they actually support > importing remote mailboxes with pop3 which does not require forwarding. > We never tried that, but it is an option: Well if giving The Goog all kinds of

Re: [mailop] Effeciveness (or not) of SPF

On Mon, Dec 7, 2020 at 3:51 PM John Levine via mailop wrote: > > People do use them as part of a scoring spam filter. But no sensible person > uses SPF alone to do mail filtering. Nobody should, but some do. Whether or not it's sensible, it's something that some people deal with. > The fact

Re: [mailop] Effeciveness (or not) of SPF

On 12/7/20 2:47 PM, John Levine via mailop wrote: People do use them as part of a scoring spam filter. But no sensible person uses SPF alone to do mail filtering. Well ... maybe I'm not a sensible person then. In the spirit of truth and kickings -- thank you Taylor Mali for "What Teachers

Re: [mailop] Effeciveness (or not) of SPF

Dnia 7.12.2020 o godz. 15:21:45 Scott Mutter via mailop pisze: > > Forwarders are one of the things that don't respond well to SPF. But > honestly, it's 2020 ... why are we forwarding mail to external services? Just because having one main mail account and forward mail from auxilliary accounts

Re: [mailop] Effeciveness (or not) of SPF

On 07.12.20 22:47, John Levine via mailop wrote: > People do use them as part of a scoring spam filter. But no sensible person > uses SPF alone to do mail filtering. I also thought that no sensible person would discard messages even though the SPF entry owner asks them to do a softfail, but I

Re: [mailop] Effeciveness (or not) of SPF

For us, we encourage SPF usage in DNS, simply because the 'big guys' want it or penalize you... As far as inbound, while SPF can be treated as a marker for various forgeries, and also sometimes a specific spam vector, we usually ONLY reject based on SPF if... * The companies SPF is sane *

Re: [mailop] Effeciveness (or not) of SPF

In article you write: >This has been my observation as well. You have to have an SPF record... >but because nobody apparently knows how to configure them accurately and >there's no desire to educate people ... nobody really cares what the SPF >record says. But you've gotta have one! People do

Re: [mailop] Effeciveness (or not) of SPF

> 1. You must have an SPF record in order for the big mail providers to even think about accepting your mail (softfail seems sufficient). > 2. It's not worth rejecting incoming mail simply because it fails SPF.There are too many badly configured servers out there This has been my observation as

Re: [mailop] Effeciveness (or not) of SPF

On 06/12/2020 13:12, Hans-Martin Mosner via mailop wrote: In your experience, where does SPF really help? What are the use cases that I don't see in my spam-blocker tunnel vision? One thing we still encounter occasionally is where a spammer has decided to send email from one of our

Re: [mailop] Effeciveness (or not) of SPF

On Sun, Dec 6, 2020 at 7:20 AM Hans-Martin Mosner via mailop < mailop@mailop.org> wrote: > In addition, manual checks against spam mails from hosts on > spam-supporting or indifferent network IP ranges shows that > spammers provide SPF records for their domains, of course, so properly > applied

Re: [mailop] Effeciveness (or not) of SPF

I think the two groups I am monitoring are not interested in horizontal expansion within their target banks, maybe due to the extreme network security of these institutions? Based on my experience, they keep these infected systems as sleepers, not using them for long periods of time. My

Re: [mailop] Effeciveness (or not) of SPF

To be honest, I am just plain lucky in that respect. Because I have a senior position that allows me to enforce a few things like: 1) I teach a representative from the organization, who will go ahead and train users, about proper use of email, best practices, so on and so forth. 2) One of

Re: [mailop] Effeciveness (or not) of SPF

On Sun, 2020-12-06 at 14:12 +0100, Hans-Martin Mosner via mailop wrote: > > In your experience, where does SPF really help? What are the use cases that I > don't see in my spam-blocker tunnel vision? SPF is most useful as a fallback mechanism for DMARC. DKIM checks fail at least occasionally

Re: [mailop] Effeciveness (or not) of SPF

On 06.12.20 19:27, Mary via mailop wrote: > Now, having a large list of real email bodies, they re-use them for phishing. > They re-send a previously legitimate email but with variations, like > replacing attachments. They can also send mail directly from the inside - without any SPF checks

Re: [mailop] Effeciveness (or not) of SPF

In article you write: >On Sun 06/Dec/2020 16:32:13 +0100 Mary via mailop wrote: >> (but I don't agree with point 2. by Paul, I aggressively block SPF fails, >> even soft errors. If a company doesn't fix their SPF records >then I reject all their mail) Don't your users complain about all of the

Re: [mailop] Effeciveness (or not) of SPF

(long read, take a coffee with you...) I've been monitoring two very sophisticated groups that mostly target banks around Europe. Their operation starts by finding real people working at the targeted banks, next step is to give them a call and ask for their business email address. Their goal,

Re: [mailop] Effeciveness (or not) of SPF

On Sun 06/Dec/2020 16:32:13 +0100 Mary via mailop wrote: (but I don't agree with point 2. by Paul, I aggressively block SPF fails, even soft errors. If a company doesn't fix their SPF records then I reject all their mail) Me too, except if the forwarder is in DNSWL. Best Ale --

Re: [mailop] Effeciveness (or not) of SPF

On 12/6/2020 7:32 AM, Mary via mailop wrote: 5. SPF provides a serious block to phishing attacks. Given the nature of phishing and, especially, its reliance on the message body, rather than on header fields in the message -- nevermind the SMTP return address -- it would be interesting to

Re: [mailop] Effeciveness (or not) of SPF

Dnia 6.12.2020 o godz. 14:12:25 Hans-Martin Mosner via mailop pisze: > night, what I've found is not a single spam mail was held due to SPF fail or > softfail results, but I learnt of several > forwarding hosts in use by our users that I was unaware of before, probably > because they do good

Re: [mailop] Effeciveness (or not) of SPF

4. The more widespread SPF becomes, the more work spammers need to do. Small spam operations tend to go out of business rather quickly. The very "professional" ones all use proper SPF records. 5. SPF provides a serious block to phishing attacks. (but I don't agree with point 2. by Paul, I

Re: [mailop] Effeciveness (or not) of SPF

On Sun, Dec 06, 2020 at 02:12:25PM +0100, Hans-Martin Mosner via mailop wrote: > In your experience, where does SPF really help? What are the use cases that I > don't see in my spam-blocker tunnel vision? In my experience: 1. You must have an SPF record in order for the big mail providers to

[mailop] Effeciveness (or not) of SPF

Hi folks, due to its negative effects on mail forwarding I've resisted touching SPF for a long time (I know mail users should not simply forward their mail, and the effects can be mitigated with SRS, but some users simply can't be bothered to configure multiple accounts and access them properly