Re: [swinog] SPF implementation
Juerg Reimann wrote: To whom it may concern... I've run a little test whether Swiss ISPs use SPF or not and it turned out that very few have actually implemented it (actually, I found not a single one). Is there a reason for that? It's a very simple implementation and it could prevent a lot of damage like the most recent one after Sober.Q. SPF is broken by design. I would suggest ISPs should implement SPF quickly and talk to their customers about it. (See http://spf.pobox.com/ for further information.) How about you start with your domain and your users first and then report back how it went and what problems you encountered? Lead us the way! -- Andre ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] SPF implementation
hi juerg sorry to say, but it seems you don't know all the advantages/disadvantages of SPF. SPF validates the domain of the mail envelope return-path. this will lead spammers to use on-time-domains (register skdlfjasldfj24829402.com for that) ;-) at the moment you can only use SPF to verificate, that this user is really allowed to send email/spam/whatever and therefore you just say: ok, it's not spam. so, just use SPF as a additional criteria to your probably spamassassin based spam filter, or do you really deny mails on SPF values? another problem are relayed domains or domains, which are forwarded. the SPF entry will be false for that one. then, how do you solve customers, which use abroad email servers to send their emails? (e.g. customer in germany, uses t-online.de mailerver and yes, i know that ther is a solution called SMTP AUTH - tell this to the customer ,-)) and i'm sure you can fake the headers that you will not use SPF to validate those headers. so, in conclusion it's just a thing that takes the spammer some weeks/days/hours to implement a new solution and start again throwing tons of mails out to the big dark space called internet ;-) just my 2 cents -steven oh, at least you implemented it ;-) -su-2.05b# host -t TXT jworld.ch jworld.ch descriptive text v=spf1 ip4:66.150.163.128/26 ip4:82.195.224.240 ~all -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Juerg Reimann Sent: Wednesday, May 18, 2005 4:01 PM To: swinog@swinog.ch Subject: [swinog] SPF implementation To whom it may concern... I've run a little test whether Swiss ISPs use SPF or not and it turned out that very few have actually implemented it (actually, I found not a single one). Is there a reason for that? It's a very simple implementation and it could prevent a lot of damage like the most recent one after Sober.Q. I would suggest ISPs should implement SPF quickly and talk to their customers about it. (See http://spf.pobox.com/ for further information.) Regards, Juerg Reimann -- jradio.ch St. Jakobstrasse 39 CH-8004 Zürich +41 43 544 07 70 business card: http://jradio.ch/contact/ security keys: http://jradio.ch/pubkeys/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] SPF implementation
On Wed, 2005-05-18 at 16:08 +0200, Andre Oppermann wrote: Juerg Reimann wrote: To whom it may concern... I've run a little test whether Swiss ISPs use SPF or not and it turned out that very few have actually implemented it (actually, I found not a single one). Is there a reason for that? It's a very simple implementation and it could prevent a lot of damage like the most recent one after Sober.Q. SPF is broken by design. URL/ref/explaination/fulltext/elaborate? It indeed does not stop spam, it does (partially) stop faking your source email domain, which could partially stop virus spreads, but that would require that a large (75%) of the global is using it. No check somewhere - does not work. I personally would like to see every SMTP box checking that mails are signed per PGP, but that implies other problems too I guess... deployment is the first thing and that other thing called PKI seems to be a long long way on the road to oblivion too. I would suggest ISPs should implement SPF quickly and talk to their customers about it. (See http://spf.pobox.com/ for further information.) How about you start with your domain and your users first and then report back how it went and what problems you encountered? Lead us the way! Well, there is a SPFv1 record on his domain: jworld.ch TXT v=spf1 ip4:66.150.163.128/26 ip4:82.195.224.240 ~all But that ends in a ~all, thus basically the last Sober.Q runs (I assume he means that german propaganda crap of the last couple of days) would not have been 'stopped' because of the above. The ~all would simply mean a softfail, thus the box will accept it, though maybe some spamcheck engine might choose to add some points to the spamscore because of it. The point why I don't have SPF stuff on my domains is simple: IPv6 is not supported well enough, read: it is defined ambiguously and most likely the few boxes that have SPF checking installed won't understand the ip6 directive, thus when sending mail from a domain with the ip6 directive and -all, mail is most likely to end up in nothingness, which is not what one wants, and ~all is simply not adequate. If the above concern would be gone, which will take quite some time, I might add it, as it would save getting my addy used to spam a large number of the ISP's who do check it. Getting those bounces is just a bit annoying even if they end up in the spam folder. Greets, Jeroen signature.asc Description: This is a digitally signed message part ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] SPF implementation
It indeed does not stop spam, it does (partially) stop faking your source email domain, which could partially stop virus spreads, but that would require that a large (75%) of the global is using it. No check somewhere - does not work. SPF will only work for scoring, but not for rejecting e-mails. it's like IPv6 - you cannot expect the whole internet and all domain admins to really put SPF in place - so you'll have around 15% of domains which are using SPF and the rest is not using it or even aware of it (implify everywhere ~all). -steven ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] SPF implementation
Hi Juerg, I've run a little test whether Swiss ISPs use SPF or not and it turned out that very few have actually implemented it (actually, I found not a single one). Is there a reason for that? It's a very simple implementation and it could prevent a lot of damage like the most recent one after Sober.Q. Well, we do. We are not quite an ISP, but for most of the domains we host, we have started to apply SPF. Actually, I know that ip-plus has SPF-rules (restrictive) and solnet also does (allow all). I would suggest ISPs should implement SPF quickly and talk to their customers about it. (See http://spf.pobox.com/ for further information.) Most of our users have been victims in the past of forged from addresses and did indeed understand when we proposed to use SPF. The problem is that if big ISPs like bluewin (where most forged mails come from - at least for us) don't implement it, it's hard to catch the fraud. Regards, Jean-Pierre -- HILOTEC Engineering + Consulting GmbH Energietechnik und Datensysteme Tel: +41 34 402 74 00 - http://www.hilotec.com/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog