On 25.02.10 15:22, Marc Perkel wrote:
I'd like to find a way to get people to get their FCrDNS correct. The
way I see it if they can't get RDNS correct they aren't going to get
SPF correct. Unfortunately I get a lot of ham from IPs with no RDNS.
Matus UHLAR - fantomas wrote:
fcrdns
Matus UHLAR - fantomas wrote:
On 25.02.10 15:22, Marc Perkel wrote:
I'd like to find a way to get people to get their FCrDNS correct. The
way I see it if they can't get RDNS correct they aren't going to get
SPF correct. Unfortunately I get a lot of ham from IPs with no RDNS.
Benny Pedersen m...@junc.org writes:
On Thu 25 Feb 2010 10:31:16 PM CET, Kai Schaetzl wrote
I don't know to what you disagree, but SPF is not an anti-spam tool. Full
stop.
oh so what is spf then ?
It is an anti-forgery tool.
On Sat 27 Feb 2010 12:15:58 PM CET, Marc Perkel wrote
but you constantly refuse to use SPF the same way...
Yep - fcrdns doesn't break email forwarding.
spf works as designed, but it does not help domain owners to make the
right spf record on dns to support forwarding if that is wanted
one
On Sat 27 Feb 2010 12:02:15 PM CET, Graham Murray wrote
Benny Pedersen m...@junc.org writes:
On Thu 25 Feb 2010 10:31:16 PM CET, Kai Schaetzl wrote
I don't know to what you disagree, but SPF is not an anti-spam tool. Full
stop.
oh so what is spf then ?
It is an anti-forgery tool.
so i can
End of Thread.
--
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Benny Pedersen wrote:
On Sat 27 Feb 2010 12:15:58 PM CET, Marc Perkel wrote
but you constantly refuse to use SPF the same way...
Yep - fcrdns doesn't break email forwarding.
spf works as designed, but it does not help domain owners to make the
right spf record on dns to support forwarding
Was my reply 3 hours ago to the very same post that hard to understand?
Take it somewhere else.
End of Thread.
--
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128 (s+=h); if
At 06:02 AM 2/27/2010, you wrote:
Benny Pedersen m...@junc.org
writes:
On Thu 25 Feb 2010 10:31:16 PM CET, Kai Schaetzl wrote
I don't know to what you disagree, but SPF is not an anti-spam
tool. Full
stop.
oh so what is spf then ?
It is an anti-forgery tool.
SPF as defined in RFC
4408, is
On Sat 27 Feb 2010 06:13:58 PM CET, Marc Perkel wrote
You're making the assumption that the person who has the recipient
domain has any control over the SPF rules. What often happens is
that one domain is on a server with 1000 other domains and the
hosting compant controls the rules.
Do you guys even read the thread you're contributing to?
This thread has passed its expiration date long ago. Stop beating a dead
horse. One last time: End. Of. Thread.
I'll personally chastise any offenders, and reserve the right to turn on
moderation or unsubscribe.
You want the police when
On 25.02.10 15:22, Marc Perkel wrote:
I'd like to find a way to get people to get their FCrDNS correct. The
way I see it if they can't get RDNS correct they aren't going to get SPF
correct. Unfortunately I get a lot of ham from IPs with no RDNS.
fcrdns can't be used to filter spam because
On 25.02.10 17:08, Marc Perkel wrote:
The forward issue is definitely an annoyance. But SPF has a problem in
that as the supporters admit, it doesn't block spam, and it can't be
used as a white rule because spammers often use SPF correctly.
Marc, why are YOU trolling?
Are you attempting
LuKreme wrote:
Here's where spf is useful.
On 25.02.10 15:31, Marc Perkel wrote:
Except that it breaks forwarded email.
I have never seen any occurence of SPF breaking forwarding.
But if you forward e-mail from someone and you are pretending to be him,
we may reject it because you are
Matus UHLAR - fantomas wrote:
LuKreme wrote:
Here's where spf is useful.
On 25.02.10 15:31, Marc Perkel wrote:
Except that it breaks forwarded email.
I have never seen any occurence of SPF breaking forwarding.
Really? Do you know which problem SRS was meant to address then? If
SPF
LuKreme wrote:
Here's where spf is useful.
On 25.02.10 15:31, Marc Perkel wrote:
Except that it breaks forwarded email.
Matus UHLAR - fantomas wrote:
I have never seen any occurence of SPF breaking forwarding.
On 26.02.10 09:46, Per Jessen wrote:
Really? Do you know which problem
On 25/02/2010 23:31, Marc Perkel wrote:
As someone who forwards email what I see is this.
Sender has restrictive SPF.
Recipient server enforces SPF.
Mail coming through me bounces.
Then they call me to complain and I say, I didn't bounce it. Get rid of
your SPF nd your email will be received.
Original Message
From: Marc Perkel [mailto:m...@perkel.com]
Sent: Thursday, February 25, 2010 6:11 PM
To: Rick Cooper
Cc: 'ram'; users@spamassassin.apache.org
Subject: Re: Off Topic - SPF - What a Disaster
Rick Cooper wrote:
The anti-SPF bandwagon is not ego driven but results
On 25-Feb-2010, at 18:08, Marc Perkel wrote:
it doesn't block spam,
But as I said the absence of SPF can be used to block the most harmful
and risky of spams.
and it can't be used as a white rule because spammers often use SPF
correctly.
It can't be used INDISCRIMINATELY as a
On 26-Feb-2010, at 07:13, LuKreme wrote:
SPF_PASS 0.001
SPF_fail 5.0
whitelist_from_spf *...@ebay.com
whitelist_from_spf *...@paypal.com
--
I WILL NOT AIM FOR THE HEAD
Bart chalkboard Ep. 8F13
On 26/02/2010 14:20, LuKreme wrote:
On 26-Feb-2010, at 07:13, LuKreme wrote:
SPF_PASS 0.001
SPF_fail 5.0
whitelist_from_spf *...@ebay.com
whitelist_from_spf *...@paypal.com
You forgot whitelist_from_spf *...@*.apache.org
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux
On 25-Feb-2010, at 17:48, Lee Dilkie wrote:
One of the problems is that in SA, an SPF_FAIL (hard) doesn't score
much
above a SPF_SOFTFAIL but in my view it should. If an admin has made
the
effort to setup a hardfail record, it should be trusted.
There are far too many incompetent admins
Jason Bertoch wrote:
On 2/25/2010 8:08 PM, Marc Perkel wrote:
The forward issue is definitely an annoyance. But SPF has a problem
in that as the supporters admit, it doesn't block spam, and it can't
be used as a white rule because spammers often use SPF correctly. I'm
not sure what you
Matus UHLAR - fantomas wrote:
On 25.02.10 15:22, Marc Perkel wrote:
I'd like to find a way to get people to get their FCrDNS correct. The
way I see it if they can't get RDNS correct they aren't going to get SPF
correct. Unfortunately I get a lot of ham from IPs with no RDNS.
Matus UHLAR - fantomas wrote:
LuKreme wrote:
Here's where spf is useful.
On 25.02.10 15:31, Marc Perkel wrote:
Except that it breaks forwarded email.
Matus UHLAR - fantomas wrote:
I have never seen any occurence of SPF breaking forwarding.
Jason Bertoch wrote:
SPF wasn't meant to block spam, please stop asserting that.
http://old.openspf.org/howworks.html
Quoting the page:
And as a user, SPF can help you sort the good from the bad. Reject mail
that fails an SPF check.
On Fri 26 Feb 2010 06:50:12 PM CET, Marc Perkel wrote
And - SPF was originally introduced as a spam fighting solution. But
they backed off when it was clear that it didn't fight spam.
alot of lies out there
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Jason Bertoch ja...@i6ix.com wrote:
Every modern mail solution allows an account holder to pop/imap to
another account to pull in mail from somewhere else.
But this introduces a security hole, where the password to an account
on System A is stored on System B. Forwarding avoids that.
On 26-Feb-10 11:24, Marc Perkel wrote:
Jason Bertoch wrote:
SPF wasn't meant to block spam, please stop asserting that.
http://old.openspf.org/howworks.html
Quoting the page:
And as a user, SPF can help you sort the good from the bad. Reject mail
that fails an SPF check.
And? that's what
On Fri, 26 Feb 2010, Benny Pedersen wrote:
On Fri 26 Feb 2010 06:50:12 PM CET, Marc Perkel wrote
And - SPF was originally introduced as a spam fighting solution.
alot of lies out there
Okay, this is getting stupid. Everyone on this thread, go to:
http://www.openspf.org/Introduction
On Thu 25 Feb 2010 10:31:16 PM CET, Kai Schaetzl wrote
I don't know to what you disagree, but SPF is not an anti-spam tool. Full
stop.
oh so what is spf then ?
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
On Thu, 25 Feb 2010 12:55:50 +0530
ram r...@netcore.co.in wrote:
On Tue, 2010-02-23 at 18:33 -0800, Marc Perkel wrote:
I agree. I've been in the spam filtering business for many years
and have yetto find any use for SPF at all. It's disturbing this
useless technology is getting the false
Marc Perkel wrote on Thu, 25 Feb 2010 09:29:48 -0800:
The anti-SPF bandwagon is not ego driven but results driven. Than you
for admitting that SPF in not a spam filtering solution. However it is
also not a white listing solution because as many people have said here
- spammers are the ones
From: Marc Perkel [mailto:m...@perkel.com] Sent: Thursday, February
25, 2010 12:30 PM To: ram Cc: users@spamassassin.apache.org Subject:
Re: Off Topic - SPF - What a Disaster
ram wrote:
On Tue, 2010-02-23 at 18:33 -0800, Marc Perkel wrote:
Jeff Koch wrote
Marc Perkel wrote:
I can see some theoretical benefits that if you have a list of banks
with SPF and you receive an email from an address that the bank lists
then you can safely pass it. But I find that an easier way to do that
is to use FCrDNS to do the same thing.
Not a theoretical
At 02:31 PM 2/25/2010, you wrote:
Marc Perkel wrote on Thu, 25 Feb 2010 09:29:48 -0800:
The anti-SPF bandwagon is not ego driven but results driven. Than you
for admitting that SPF in not a spam filtering solution. However it is
also not a white listing solution because as many people have
On 25-Feb-2010, at 10:29, Marc Perkel wrote:
The anti-SPF bandwagon is not ego driven but results driven. Than you for
admitting that SPF in not a spam filtering solution. However it is also not a
white listing solution because as many people have said here - spammers are
the ones who are
Jeff Koch wrote on Thu, 25 Feb 2010 15:08:46 -0500:
I disagree.
I don't know to what you disagree, but SPF is not an anti-spam tool. Full
stop.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
How silly. That's like saying an iPhone is not a gaming device even though
plenty of people use it to play game apps. Perhaps you should re-read the
SPF FAQ's.
At 04:31 PM 2/25/2010, you wrote:
Jeff Koch wrote on Thu, 25 Feb 2010 15:08:46 -0500:
I disagree.
I don't know to what you
Rick Cooper wrote:
The anti-SPF bandwagon is not ego driven but results driven. Than you
for admitting that SPF in not a spam filtering solution. However it
is also not a white listing solution because as many people have said
here - spammers are the ones who are using SPF correctly.
Kai Schaetzl wrote:
Marc Perkel wrote on Thu, 25 Feb 2010 09:29:48 -0800:
The anti-SPF bandwagon is not ego driven but results driven. Than you
for admitting that SPF in not a spam filtering solution. However it is
also not a white listing solution because as many people have said here
Jeff Koch wrote:
At 02:31 PM 2/25/2010, you wrote:
Marc Perkel wrote on Thu, 25 Feb 2010 09:29:48 -0800:
The anti-SPF bandwagon is not ego driven but results driven. Than you
for admitting that SPF in not a spam filtering solution. However it is
also not a white listing solution because
LuKreme wrote:
On 25-Feb-2010, at 10:29, Marc Perkel wrote:
The anti-SPF bandwagon is not ego driven but results driven. Than you for
admitting that SPF in not a spam filtering solution. However it is also not a
white listing solution because as many people have said here - spammers are
Kai Schaetzl wrote:
Jeff Koch wrote on Thu, 25 Feb 2010 15:08:46 -0500:
I disagree.
I don't know to what you disagree, but SPF is not an anti-spam tool. Full
stop.
Kai
You say that here but in your last message you said:
If SPF was adapted 99% (and always strict with no
On Thu, 2010-02-25 at 15:19 -0800, Marc Perkel wrote:
SPF will never be 99% adopted until it actually does something that is
significantly useful. Using it as a white list to bypass a grey list
isn't what I would call significantly useful. SPF fails the actually
works test.
But it DOES do
Marc Perkel wrote:
I'm not hearing from people in this forum who are saying it works.
Even those who are SPF evangelists can't point to any significant
results in either blocking spam or passing ham.
Well it's no magic bullet, but nothing is. I use SPF to try and make my
domain less a target
On 2/25/2010 6:37 PM, Marc Perkel wrote:
A lot of posts with useless rants on a personal grievance against SPF
Marc,
I suspect you're not seeing a bunch of supporters of SPF post on this
thread because most find it tiresome, bothersome, pointless, or all of
the above. I bit my lip until
Jason Bertoch wrote:
On 2/25/2010 6:37 PM, Marc Perkel wrote:
A lot of posts with useless rants on a personal grievance against SPF
Marc,
I suspect you're not seeing a bunch of supporters of SPF post on this
thread because most find it tiresome, bothersome, pointless, or all of
the
On 2/25/2010 8:08 PM, Marc Perkel wrote:
The forward issue is definitely an annoyance. But SPF has a problem in
that as the supporters admit, it doesn't block spam, and it can't be
used as a white rule because spammers often use SPF correctly. I'm not
sure what you mean that forwarding has
On Thu, 25 Feb 2010, Marc Perkel wrote:
Jason Bertoch wrote:
On 2/25/2010 6:37 PM, Marc Perkel wrote:
A lot of posts with useless rants on a personal grievance against
SPF ...
Marc,
I suspect you're not seeing a bunch of supporters of SPF post on this
thread because most find it
Marc,
Which fails when you have someone that has multiple domains that may be
sending mail from the same organization. Mail to me from Citi may comes
from any one of at least 6 different domains, and the mailserver is not
necessarily in the same domain.
Whitelist all 6 domains.
Kelson wrote:
SPF works great as a selective whitelist in SpamAssassin. (And I don't
mean whitelisting all SPF passes. That would be stupid. I mean
whitelisting mail coming from domain X, but only when it passes SPF
and demonstrates that yes, it really came from domain X.)
I'd say that
LuKreme wrote:
On 23-Feb-10 14:17, Bowie Bailey wrote:
SPF enforcement at the MTA is useless for the reasons you specified.
The only exception is if you have a strict SPF policy for your own
domain, you can use it to reject spam pretending to be from your
users.
And that makes it
On Wed, 24 Feb 2010 09:18:38 +0100
Per Jessen p...@computer.org wrote:
LuKreme wrote:
On 23-Feb-10 14:17, Bowie Bailey wrote:
SPF enforcement at the MTA is useless for the reasons you
specified. The only exception is if you have a strict SPF policy
for your own domain, you can use it
Christian Brel wrote:
On Wed, 24 Feb 2010 09:18:38 +0100
Per Jessen p...@computer.org wrote:
LuKreme wrote:
On 23-Feb-10 14:17, Bowie Bailey wrote:
SPF enforcement at the MTA is useless for the reasons you
specified. The only exception is if you have a strict SPF policy
for your
On Wednesday, 24 of February 2010, Per Jessen wrote:
Well, I guess it depends on your point of view - how difficult is it
to set up an MTA to reject mails pretending to be from yourdomain
that didn't originate on your MTA?
Good question - how would you do it?
Postfix: I would have two
Mariusz Kruk wrote:
On Wednesday, 24 of February 2010, Per Jessen wrote:
Well, I guess it depends on your point of view - how difficult is
it to set up an MTA to reject mails pretending to be from
yourdomain that didn't originate on your MTA?
Good question - how would you do it?
On Wed, 24 Feb 2010 10:28:24 +0100
Per Jessen p...@computer.org wrote:
Christian Brel wrote:
On Wed, 24 Feb 2010 09:18:38 +0100
Per Jessen p...@computer.org wrote:
LuKreme wrote:
On 23-Feb-10 14:17, Bowie Bailey wrote:
SPF enforcement at the MTA is useless for the reasons you
On 23.02.10 15:38, Jeff Koch wrote:
In an effort to reduce spam further we tried implementing SPF
enforcement.
You should implement SPF in order to prevent mail forgery, not spam.
SPF is a tool to reduce forgery, not spam.
The fact that most of spam has forged address only helps you.
Within
On 23.02.10 16:17, Bowie Bailey wrote:
SPF enforcement at the MTA is useless for the reasons you specified.
The only exception is if you have a strict SPF policy for your own
domain, you can use it to reject spam pretending to be from your users.
And what is this, if not enforcing SPF at MTA
You don't have to run two postfixes for this.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
Kai Schaetzl wrote:
You don't have to run two postfixes for this.
Kai
I wasn't suggesting two postfixes, only two smtpds, but what Mariusz
said is even easier.
/Per Jessen, Zürich
On 2010-02-24, Kai Schaetzl wrote:
Postfix: I would have two different smtpd daemons - one for
You don't have to run two postfixes for this.
I think Per means: 2 smtpd processes, not 2 Postfixes..
--
Rob
Christian Brel wrote on Wed, 24 Feb 2010 10:02:02 +:
So you would reject outbound mail from your domain? I'm sure that's a
typo.
He just didn't show the full configuration. It's obvious that you put your
allowance checks first.
Kai
--
Get your web at Conactive Internet Services:
On Wed, 24 Feb 2010 11:39:43 +0100
Rob Sterenborg r.sterenb...@netsourcing.nl wrote:
On 2010-02-24, Kai Schaetzl wrote:
Postfix: I would have two different smtpd daemons - one for
You don't have to run two postfixes for this.
I think Per means: 2 smtpd processes, not 2 Postfixes..
Rob Sterenborg wrote on Wed, 24 Feb 2010 11:39:43 +0100:
I think Per means: 2 smtpd processes, not 2 Postfixes..
and I meant what he meant ;-)
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
On Wednesday, 24 of February 2010, Per Jessen wrote:
I guess you could start hashing things around
with IPTables to redirect certain requests, but once you've done all
of this, changed all the clients etc. etc, you are saying this would
be *easier* than SPF?
See Mariusz Kruks suggestion -
Kai Schaetzl wrote:
Christian Brel wrote on Wed, 24 Feb 2010 10:02:02 +:
So you would reject outbound mail from your domain? I'm sure that's a
typo.
He just didn't show the full configuration. It's obvious that you put
your allowance checks first.
Kai
I did also say 'thinking out
On Wed, Feb 24, 2010 at 11:30:25AM +, Christian Brel wrote:
On Wed, 24 Feb 2010 11:39:43 +0100
Rob Sterenborg r.sterenb...@netsourcing.nl wrote:
On 2010-02-24, Kai Schaetzl wrote:
Postfix: I would have two different smtpd daemons - one for
You don't have to run two
Christian Brel wrote:
On Wed, 24 Feb 2010 11:39:43 +0100
Rob Sterenborg r.sterenb...@netsourcing.nl wrote:
On 2010-02-24, Kai Schaetzl wrote:
Postfix: I would have two different smtpd daemons - one for
You don't have to run two postfixes for this.
I think Per means: 2 smtpd
On Wed, 24 Feb 2010 12:41:29 +0100
Per Jessen p...@computer.org wrote:
Christian Brel wrote:
On Wed, 24 Feb 2010 11:39:43 +0100
Rob Sterenborg r.sterenb...@netsourcing.nl wrote:
On 2010-02-24, Kai Schaetzl wrote:
Postfix: I would have two different smtpd daemons - one for
On Wed, 24 Feb 2010 13:38:55 +0200
Henrik K h...@hege.li wrote:
On Wed, Feb 24, 2010 at 11:30:25AM +, Christian Brel wrote:
On Wed, 24 Feb 2010 11:39:43 +0100
Rob Sterenborg r.sterenb...@netsourcing.nl wrote:
On 2010-02-24, Kai Schaetzl wrote:
Postfix: I would have two
On Wednesday, 24 of February 2010, Christian Brel wrote:
IP yes. I assume your external and internal network are on different
IP-ranges.
What about my home workers? I don't have a VPN, they hook in by DSL
from any number of different providers from outside using SASL/TLS.
They should be
Christian Brel wrote:
Humour me. Does this not mean a need to change the outbound to
either a different IP or port?
IP yes. I assume your external and internal network are on different
IP-ranges.
What about my home workers? I don't have a VPN, they hook in by DSL
from any number of
Matus UHLAR - fantomas wrote:
On 23.02.10 16:17, Bowie Bailey wrote:
SPF enforcement at the MTA is useless for the reasons you specified.
The only exception is if you have a strict SPF policy for your own
domain, you can use it to reject spam pretending to be from your users.
And
On Wed, 24 Feb 2010 14:37:49 +0100
Per Jessen p...@computer.org wrote:
Christian Brel wrote:
Humour me. Does this not mean a need to change the outbound to
either a different IP or port?
IP yes. I assume your external and internal network are on
different IP-ranges.
What
On Wednesday, 24 of February 2010, Christian Brel wrote:
No, they submit on 25 using TLS+SASL. Would making
the changes to Firewall, MTA, plus potentially thosands of clients be
easier than SPF? Would all those angry users screaming because they
can't send mail at all be a good thing? I don't
Christian Brel wrote on Wed, 24 Feb 2010 12:39:47 +:
What about my home workers?
they use SMTP AUTH. It works, believe us. With a standard postfix.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
On 23.02.10 16:17, Bowie Bailey wrote:
SPF enforcement at the MTA is useless for the reasons you specified.
The only exception is if you have a strict SPF policy for your own
domain, you can use it to reject spam pretending to be from your users.
Matus UHLAR - fantomas wrote:
And what
Christian Brel wrote:
On Wed, 24 Feb 2010 14:37:49 +0100
Per Jessen p...@computer.org wrote:
Christian Brel wrote:
Humour me. Does this not mean a need to change the outbound to
either a different IP or port?
IP yes. I assume your external and internal network are on
Christian Brel wrote on Wed, 24 Feb 2010 14:56:49 +:
But that would reject *everything* that was not authenticated or in 'my
networks'.
Indeed, that's the purpose. And it doesn't matter if you get the mail via
25 or 587. 587 is just a convenience. Any other access to use your server
for
On Wed, 24 Feb 2010 17:09:31 +0100
Per Jessen p...@computer.org wrote:
Tell you what, wouldn't it be a great idea to save all the messing
around and use something universal and simple for the job? Something
lightweight and easy to deploy. I know! What about using SPF!
Christian, I
On 2/23/2010 6:33 PM, Marc Perkel wrote:
I agree. I've been in the spam filtering business for many years and
have yetto find any use for SPF at all. It's disturbing this useless
technology is getting the false positive support we are seeing.
And as people on this list have pointed out 5,000
On Wed, 24 Feb 2010 17:31:19 +0100
Kai Schaetzl mailli...@conactive.com wrote:
Christian Brel wrote on Wed, 24 Feb 2010 14:56:49 +:
But that would reject *everything* that was not authenticated or in
'my networks'.
Indeed, that's the purpose. And it doesn't matter if you get the
On Wed, February 24, 2010 2:28 am, Per Jessen wrote:
Christian Brel wrote:
On Wed, 24 Feb 2010 09:18:38 +0100
Per Jessen p...@computer.org wrote:
LuKreme wrote:
On 23-Feb-10 14:17, Bowie Bailey wrote:
SPF enforcement at the MTA is useless for the reasons you
specified. The only
SPF works great as a selective whitelist in SpamAssassin. (And I don't
mean whitelisting all SPF passes. That would be stupid. I mean
whitelisting mail coming from domain X, but only when it passes SPF
and demonstrates that yes, it really came from domain X.)
I'd say that what you
Christian Brel wrote:
On Wed, 24 Feb 2010 17:31:19 +0100
Kai Schaetzl mailli...@conactive.com wrote:
Christian Brel wrote on Wed, 24 Feb 2010 14:56:49 +:
But that would reject *everything* that was not authenticated or in
'my networks'.
Indeed, that's the purpose. And it doesn't matter
On Wed 24 Feb 2010 05:58:02 PM CET, Kelson wrote
And as people on this list have pointed out 5,000 times, including
myself yesterday:
whitelist_from_spf *...@example.com
def_whitelist_auth *...@example.com
whitelist_auth u...@example.com
freemail_whitelist u...@example.com
this way
On Tue, 2010-02-23 at 18:33 -0800, Marc Perkel wrote:
Jeff Koch wrote:
In an effort to reduce spam further we tried implementing SPF
enforcement. Within three days we turned it off. What we found was that:
- domain owners are allowing SPF records to be added to their zone
files
In an effort to reduce spam further we tried implementing SPF enforcement.
Within three days we turned it off. What we found was that:
- domain owners are allowing SPF records to be added to their zone files
without understanding the implications or that are just not correct
- domain owners
@spamassassin.apache.org
Subject: Off Topic - SPF - What a Disaster
In an effort to reduce spam further we tried implementing SPF enforcement.
Within three days we turned it off. What we found was that:
- domain owners are allowing SPF records to be added to their zone files
without understanding
SPF
properly are the spammers
Cheers,
Mike,
-Original Message-
From: Jeff Koch [mailto:jeffk...@intersessions.com]
Sent: Wednesday, 24 February 2010 9:38 a.m.
To: users@spamassassin.apache.org
Subject: Off Topic - SPF - What a Disaster
In an effort to reduce spam further we
Jeff Koch wrote:
In an effort to reduce spam further we tried implementing SPF
enforcement. Within three days we turned it off. What we found was that:
- domain owners are allowing SPF records to be added to their zone
files without understanding the implications or that are just not correct
On 2/23/10 3:38 PM, Jeff Koch wrote:
since SpamAssassin doesn't block email (and actually, the scoring for
spf failures is pretty low), you must have munged something else up.
if you tried to do pre-queue SPF blocking, yep, go to wsj, yahoo, 'send
link to a friend' and you don't get email,
On 2/23/2010 12:38 PM, Jeff Koch wrote:
In an effort to reduce spam further we tried implementing SPF
enforcement. Within three days we turned it off. What we found was that:
snip
Our assessment is that SPF is a good idea but pretty much unworkable for
an ISP/host without a major education
On Tue, 2010-02-23 at 16:17 -0500, Bowie Bailey wrote:
The only exception is if you have a strict SPF policy for your own
domain, you can use it to reject spam pretending to be from your users.
Agreed. That's all I use it for. I installed SPF during a backscatter
storm, which immediately
From: Martin Gregorie mar...@gregorie.org
Date: Tue, 23 Feb 2010 22:04:07 +
On Tue, 2010-02-23 at 16:17 -0500, Bowie Bailey wrote:
The only exception is if you have a strict SPF policy for your own
domain, you can use it to reject spam pretending to be from your users.
Any other experiences? I love to hear.
1) Publishing SPF records at $DAYJOB coincided with a significant drop in
backscatter seen. I don't know whether it's a matter of spammers forging
fewer spam runs from SPFed domains, or other hosts being smart bout bounces,
or
2) whitelist_auth is
On 23/02/2010 7:51 PM, Dave Pooser wrote:
2) whitelist_auth is worth its weight in platinum
Damn! I knew that should have been a subscription only feature! ;)
On 23-Feb-10 14:17, Bowie Bailey wrote:
SPF enforcement at the MTA is useless for the reasons you specified.
The only exception is if you have a strict SPF policy for your own
domain, you can use it to reject spam pretending to be from your users.
And that makes it worthwhile all by itself.
1 - 100 of 101 matches
Mail list logo
