SPF

Vernon Schryver vjs@calcite.rhyolite.com
Sat Jul 24 01:23:01 UTC 2004


> From: Spike Ilacqua 

> I'm not a huge fan of SPF, as an ISP I see what a pain it will be. 
> People like sending work mail from home, and home mail from work and 
> they are not going to be happy when that stops working.  And given how 
> much spam comes from compromised computers which will have legit SPF 
> records, its value is unclear.   And not to mention these are the 
> spammers that have pretty much beaten everything that's been thrown in 
> their way, including tricky things like Bayesian filters.

And then there are the facts that:

  - SPF was born in a swamp of marketing with a shortage of technical
    clues compared to its predecessors and competitors.  I'm not a fan
    of its competitors, but the other than technically accurate marketing
    behind SPF from the start has irked me.

  - what about .forward files etc.?

  - SPF (or similar) cannot have a significant effect on spam until it
    is widely deployed, but the experience of IPv6 and other things
    shows that could take many years.

  - SPF (or similar) can only affect spam sent with forged SMTP envelope
    Mail_From domain names, but judging from the spam I see, that is
    a minority of spam, albeit a large minority.  Many spammers use
    their own domain names even when using Microsoft's spam and virus
    delivery system (zombie proxies).   Consider the domain names used
    by the spammer (or gang) recently calling itself "sh hh" in
    http://www.rhyolite.com/anti-spam/bin/group.cgi?group=151

  - after SPF (or similar) is widely deployed, spammers will stop
    forging domain names; that won't stop them from sending spam.

> Despite this, Microsoft has announced that Hotmail, MSN, etc will start 
> enforcing SPF on October 1st, so it's about to become all of the rage. 

That's not exactly how I read the press reports. 
See for example http://www.nwfusion.com/news/2004/0722microtoen.html?net
I thought that Microsoft was promising to support the
IETF's compromise among SPF, Caller-ID, etc.  That September date looks
like the goal from
http://ietf.org/html.charters/marid-charter.html
Skimming the IETF MARID WG archives in
http://www.imc.org/ietf-mxcomp/index.html
makes any repetition of that date sound uninformed.  On the other hand,
that article does say "SPF."

But until MARID finally delivers, how much of the net will install SPF?


> So that might make it a useful tool with greylisting.  In the case where 
> the SPF information can be confirmed, greylisting could be (optionally) 
> skipped.
>
> There are two SPF libraries available:
>
> http://www.libspf.org/
> http://libspf2.org/
>
> So some of the leg work is already done...

I understand that SPF is not Caller-ID and that neither is whatever
the IETF might someday bless.

In any case, greylisting is currently effective against "sh hh."
I would not want to turn off a greylist check of mail with a
sender domain name of any of the approximately 950 domain names in
http://www.rhyolite.com/anti-spam/bin/group.cgi?group=151
simply because "sh hh" adds some RRs to its DNS servers at netfinding.com
netfindindin.com networkns.com networknns.com managernic.com
puzhdns.com pushnic.com stilldns.com stildns.com earlyynic.com
ns-202.com nss-202.com conname.com connname.com dnshall.com dnshill.com
dnssheet.com dnsshet.com ...


Vernon Schryver    vjs@rhyolite.com
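
Added example, not part of the original message and not code from DCC or either SPF library: a sketch of the greylist-bypass question discussed above, showing that an SPF "pass" only proves the sending domain's DNS authorizes the client IP. The domains, addresses, the LOCALLY_TRUSTED list and the function names are constructed assumptions, and the evaluator handles only the ip4: and all mechanisms.

```python
import ipaddress

# Constructed sample data standing in for DNS TXT lookups (not real records).
SPF_RECORDS = {
    "example-isp.test": "v=spf1 ip4:192.0.2.0/24 -all",
    # A bulk sender that runs its own DNS can publish a valid record too.
    "bulk-sender.test": "v=spf1 ip4:198.51.100.0/24 -all",
}
# Hypothetical operator-maintained list of domains allowed to bypass greylisting.
LOCALLY_TRUSTED = {"example-isp.test"}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(domain, client_ip):
    """Simplified SPF check: evaluates ip4: and all terms left to right."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech == "all":
            matched = True
        else:
            continue  # mechanisms outside this sketch are ignored
        if matched:
            return RESULTS[qualifier]
    return "neutral"

def skip_greylist_naive(domain, client_ip):
    """Bypass greylisting on any SPF pass (the proposal in the quoted text)."""
    return spf_result(domain, client_ip) == "pass"

def skip_greylist_guarded(domain, client_ip):
    """Bypass only when SPF passes AND the domain is locally trusted."""
    return domain in LOCALLY_TRUSTED and spf_result(domain, client_ip) == "pass"

if __name__ == "__main__":
    for dom, ip in [("example-isp.test", "192.0.2.10"),
                    ("bulk-sender.test", "198.51.100.7"),
                    ("example-isp.test", "203.0.113.5")]:
        print(dom, ip, spf_result(dom, ip),
              skip_greylist_naive(dom, ip), skip_greylist_guarded(dom, ip))
```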



More information about the DCC mailing list