Re: SPF-Compliant Spam

2007/8/27, Marc Perkel <marc@perkel.com>:
>
>
> Meng Weng Wong wrote:
> > On Aug 27, 2007, at 11:39 AM, Kelson wrote:
> >
> >> Jason Bertoch wrote:
> >>> Is it wise to blacklist both, or is this yet another case where SPF
> >>> has failed
> >>> to meet projections?
> >>
> >> It's a case where the spammer has just handed you useful information:
> >> You know for sure that the domain name is, indeed, the spammer's
> >> domain name, and not an innocent third-party's. Blacklist it without
> >> hesitation!
> >>
> >
> > Yes, that usage was exactly the design intent of SPF.
> >
> > Once you move from IP to domain reputation, you can do many
> > interesting things.
> >
> > For example, you can go from the known-bad domain to its nameservers.
> >
> > You can then go from those nameservers to detect other bad domains.
> >
> > The URIBL plugin associates URL -> domain -> IP -> reputation lookup.
> >
> > I am writing a similar plugin that associates domain -> NS ->
> > reputation lookup.
> >
> >
>
> Meng - you are doing the email community a huge disservice with SPF. I
> wish you'd just end this lie because SPF is less than useless. I breaks
> existing forwarding standards and it causes false positives. SPF DOESN'T
> WORK!

If my two cents worth anything here, Marc, you're the one doing a major damage to the email community by trying to reduce everything to DNS lookups.

Without going into technical arguments about your practices, you're treating us who don't do as you do as mere stupids. And that, IMHO, is a terrible simplification. If you find you're in the right path FOR YOUR SITUATION, that's ok with me. But you CANNOT become a fanatic and begin yelling to the rest of us that we're going to hell because we don't agree with you. Qouting Einstein, "Only a fool confuses reality with the model. Such a simplification leads to a narrow mind"...

Now, on the technical hand, SPF is an anti-forgery tool, as was said earlier in this discussion. I publish my records for anyone to know if a message which claims to come from my servers (or at least, my domain) is legit or not. If you run majordomo mor mailman based lists, the forwarding issue goes down... Or you could just rewrite your SPF records to include the domains that get forwarded usually, as I do between the two major domains I manage...

Peace,

Luis

-- 
-------------------------------------------------
GNU-GPL: "May The Source Be With You...
Linux Registered User #448382.
When I grow up, I wanna be like Theo...
-------------------------------------------------