[NCLUG] spam help

[Jake Edge]

Sean Reifschneider wrote:

> SRS does *NOT* require any changes to the MTA, even in qmail it can be
> implemented without changes to qmail.  It does require that the admin
> configure the system for it though.

 From http://new.openspf.org/FAQ/Forwarding:

Does SPF break forwarding?

[ ... ]

Yes, it does. You'll have to switch from forwarding, where the envelope 
sender is preserved, to remailing, where the envelope sender is changed. 
But don't worry, we're working on providing SRS patches for the four 
major opensource MTAs, so that when you upgrade to an SPF-aware version, 
this problem will be solved also.

(this also begs the question about the convicted monopolist's MTA as 
well as any email host that doesn't use one of the big 4 open source MTAs)

> SPF is used by a *LOT* of senders.  Of the domain names I've had send
> e-mail to me in the last month, 437 had no SPF, 97 with SPF.  A lot of
> those are names like 10.9.8.7.comcast.net, so it's a pretty simple count.

publishing an SPF record in no way implies SRS support ... I think you 
will find that there are few SRS supporting email providers out there 
... while it doesn't seem to bother you, envelope sender rewriting seems 
to bother lots of folks ...

FWIW, a quick check of 4 big email providers (gmail, yahoo, aol, 
msn/hotmail) shows that none of them has strict checking (-all), one 
(aol) has 'softfail' (~all), two (gmail, msn/hotmail) have neutral 
(?all), and one has no SPF record (yahoo).  Given that, no email should 
be rejected from any of those domains no matter where they come from. 
AOL mail could marked suspicious if it didn't come from their list of 
hosts ...

> Contrary to the reports about spammers using SPF, I took a sample of a
> bunch of obviously spam domains (1-800-viagra.com), and only around 8% of
> them had SPF records.

Passing SPF checks has been suggested as a heuristic to increase spam 
score for things like spamassassin ...

jake

-- 
Jake Edge - jake at edge2.net - http://www.edge2.net