On Wed, 11 Feb 2009, Ned Slider wrote:
The backscatter he is receiving is most likely DSN messages sent from mail servers in response to his (forged) sender address. SPF will only help if other people's mail servers deploy and bounce mail on failed SPF, but as I asserted in an earlier post to this thread, how much faith do you place in a mail admin deploying SPF _AND_ bouncing messages on SPF failure when they can't even address the issue that their servers are responsible for the backscatter problem by accepting mail for non-existent addresses and then sending DSNs to a forged address.
As I said, SPF and DKIM will only _reduce_ the problem as it depends on The Other Guy to first look at and then do the Right Thing with the authentication data you are providing.
Why should the OP not do something fairly simple (i.e. publish an SPF record) that will at least reduce the problem somewhat?
Let me put it another way, hands up everyone who rejects mail outright that fails SPF?
I did until I found that the SPF milter was overloading my (fairly lightly-provisioned) hosted VPS mail server. I've since increased the resources, I may reinstate an SPF reject policy at SMTP time.
You won't solve the backscatter problem with SPF.
Nobody has claimed that. It helps, but it's not a silver bullet. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Usually Microsoft doesn't develop products, we buy products. -- Arno Edelmann, Microsoft product manager ----------------------------------------------------------------------- Tomorrow: Abraham Lincoln's and Charles Darwin's 200th Birthdays
