[PLUG] SPF filtering for smtp servers...

Russ Johnson russj at dimstar.net
Fri May 14 13:20:03 UTC 2004


Michael,

Did you miss the L-O-N-G thread on here (what, last month, month 
before??) about SPF records? Most likely, it's archived by now. If 
nothing else, it's probably cataloged by Google.

OK, do you NOT get Linux Journal, that had a very informative article 
about SPF records and how to implement them in a two part article in the 
April and May issues?

Either way, rather than asking questions that are answered with simple 
(and I mean simple) searches via Google, you should go to Google.

I'm NOT trying to talk down to you, or to put you down in any way, shape 
or form.

I'm simply pointing out that many of the questions you ask are already 
answered, and you'd save time and much bandwidth by looking for the 
answer instead of making someone else look for it for you.

Michael Robinson wrote:

> How can SPF make it possible to know for sure that any
> email message is coming from the source indicated in its
> header?

Well, the truth is, it doesn't. Nothing does with 100 percent accuracy.

BUT, what is the likelihood that someone is going to spoof both the name 
AND ip address of a valid mail server, in spam?

The name is easy. The IP is harder.

> Is SPF a fully developed approach to shutting down mail
> forging, or is it still experimental?

Looked pretty developed to me in the LJ articles. Enough so that 
multiple MTAs support it.

> This idea of pressuring anti-spam technologies onto the
> Internet, will hobbyists get sued for noncompliance?
> If someone can patent an idea and sue everyone using
> it, what's to stop SPF, or any other technique, from
> getting patented and charged for?

Not a question anyone here can answer with authority. Ask a patent lawyer.

> As far as denial of service if too many DNS requests
> for the TXT records SPF is based on, how much of
> a problem could that be?

Why would it be any different than anything else? The DNS does one 
query, caches it, and then does another query when the TTL runs out. 
Usually a couple of days or more later.

>   I get hundreds of junk mail
> attempts a day where the domains chosen do seem to
> be pulled out of thin air.  The sitenames used probably
> have nothing to do with where this mail comes from.

Probably. And for those, the SPF record doesn't exist, so it's tagged as 
unknown. The system can't tell if it's forged or not. Only if the domain 
exists, and an SPF record exists can the system say if it believes the 
mail to be spoofed or legit. All other cases default to unknown.

Russ
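
[Added example, not part of the original message or of any MTA's code: a small Python sketch of the decision described in the last reply, where a sender domain with no SPF record yields "unknown" and only a published record lets the receiver judge the connecting IP. The TXT_RECORDS table, the check_spf name and all domains and addresses are constructed for illustration; only ip4 and all are evaluated, and the current SPF specification (RFC 7208) names the no-record result "none".]

```python
import ipaddress

# Constructed TXT data standing in for DNS lookups (documentation domains
# and address ranges only; nothing here is a real mail server).
TXT_RECORDS = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"],
    "example.org": ["some unrelated text record"],
    "example.net": ["v=spf1 ip4:203.0.113.0/28 ~all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(sender_domain, client_ip, txt_records=TXT_RECORDS):
    """Return the SPF verdict for client_ip claiming to send for sender_domain."""
    records = [r for r in txt_records.get(sender_domain.lower(), [])
               if r.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        # No such domain, no SPF record, or an ambiguous set of records:
        # there is nothing to judge the connection against.
        return "unknown"
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"                      # default qualifier is "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                    # catch-all, normally the last term
            return QUALIFIERS[qualifier]
        if name == "ip4":
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == 4 and ip in net:
                return QUALIFIERS[qualifier]
        else:
            # a, mx, include, ... need live DNS; this sketch refuses to guess.
            return "unknown"
    return "neutral"                         # record matched nothing, no "all"

if __name__ == "__main__":
    for domain, ip in [("example.com", "192.0.2.10"),
                       ("example.com", "203.0.113.5"),
                       ("example.org", "192.0.2.10")]:
        print(domain, ip, check_spf(domain, ip))
```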



