Justin Mason | 1 Oct 01:57 2003

Re: [spf-discuss] using HELO instead of MAIL FROM with SPF


Meng Weng Wong writes:
>ouch.  if you don't pass in a meaningful sender, Mail::SPF::Query will
>use the helo domain.

BTW this seems to work very well indeed:

  2.815   0.0000   3.0571    0.000   0.92   -0.10  T_SPF_PASS
  0.063   0.4577   0.0295    0.939   0.74    0.10  T_SPF_FAIL

3% of nonspam gets SPF "pass", 0.45% of spam gets "fail" -- which isn't
bad, given how early in the stdization process it's at.

Ignore the 0.0295% -- that was an error in my own SPF setup, cough ;)

So how naughty is it to use HELO data instead of MAIL FROM for the
SPF check? ;)

--j.

>On Mon, Sep 29, 2003 at 07:31:32PM -0700, Justin Mason wrote:
>| How viable is this -- using the HELO domain instead of the MAIL FROM
>| to use in the SPF check?
>| 
>| I'm running into trouble with getting reliable MAIL FROM data from message
>| headers, unless the MTA has been modified to add it specifically (many
>| don't do this by default, including sendmail).
>| 
>| "Return-Path" in particular is proving unreliable quite often. :(
>| 

Meng Weng Wong | 1 Oct 02:02 2003

Re: [off-list] ASRG - RMX proposals update

On Tue, Sep 30, 2003 at 07:14:31PM -0400, Yakov Shafranovich wrote:
| We would like to have someone else other than the proposal authors 
| coordinate this. Alan DeKok has volunteered. Is he agreeable to you?

Yes, on the condition that we begin to get concrete results by October 16.
I am optimistic that we can work faster once fewer cooks are in the kitchen.

I want to have something to propose at ISPcon on the 21st.  If the
unification effort has not made progress by then, I reserve the right to
present SPF as the next best thing.  I believe this is justified because
the new technique I described is inclusive and allows users to specify
which actual protocol they want to apply as policy, and is therefore
forward-compatible.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, 
please go to http://v2.listbox.com/member/?listname=spf-discuss-B7dvP5mc3PhiK979QBapAg <at> public.gmane.org

Meng Weng Wong | 1 Oct 02:04 2003

Re: using HELO instead of MAIL FROM with SPF

On Tue, Sep 30, 2003 at 04:57:34PM -0700, Justin Mason wrote:
| 
| Meng Weng Wong writes:
| >ouch.  if you don't pass in a meaningful sender, Mail::SPF::Query will
| >use the helo domain.
| 
| BTW this seems to work very well indeed:
| 
|   2.815   0.0000   3.0571    0.000   0.92   -0.10  T_SPF_PASS
|   0.063   0.4577   0.0295    0.939   0.74    0.10  T_SPF_FAIL
| 
| 3% of nonspam gets SPF "pass", 0.45% of spam gets "fail" -- which isn't
| bad, given how early in the stdization process it's at.
| 
| Ignore the 0.0295% -- that was an error in my own SPF setup, cough ;)
| 
| So how naughty is it to use HELO data instead of MAIL FROM for the
| SPF check? ;)
| 

If you update your version of Mail::SPF::Query, you should see that it
actually wants a helo argument.  It's needed for the null-sender case
--- MAIL FROM: <>.

NAME
       Mail::SPF::Query - query Sender Permitted From for an IP,email,helo

SYNOPSIS

         my $query = new Mail::SPF::Query (ip => "127.0.0.1",

Yakov Shafranovich | 1 Oct 02:20 2003

Re: [off-list] ASRG - RMX proposals update

Meng Weng Wong wrote:

> On Tue, Sep 30, 2003 at 07:14:31PM -0400, Yakov Shafranovich wrote:
> | We would like to have someone else other than the proposal authors 
> | coordinate this. Alan DeKok has volunteered. Is he agreeable to you?
> 
> Yes, on the condition that we begin to get concrete results by October 16.
> I am optimistic that we can work faster once fewer cooks are in the kitchen.
> 

Ok, as soon as a mailing list is set up we'll begin.

> I want to have something to propose at ISPcon on the 21st.  If the
> unification effort has not made progress by then, I reserve the right to
> present SPF as the next best thing.  I believe this is justified because
> the new technique I described is inclusive and allows users to specify
> which actual protocol they want to apply as policy, and is therefore
> forward-compatible.
> 

If there has not been progress by then, AND you are planning on 
presenting your proposal, please make sure that it is NOT being 
presented on behalf of the ASRG, unless both Paul and myself consent.

BTW, Paul will be at ISP Con as well as several other ASRGers.


Justin Mason | 1 Oct 02:34 2003

Re: using HELO instead of MAIL FROM with SPF


Meng Weng Wong writes:
> On Tue, Sep 30, 2003 at 04:57:34PM -0700, Justin Mason wrote:
> | So how naughty is it to use HELO data instead of MAIL FROM for the
> | SPF check? ;)
> 
> If you update your version of Mail::SPF::Query, you should see that it
> actually wants a helo argument.  It's needed for the null-sender case
> --- MAIL FROM: <>.

Yeah, I see that -- I mean using *just* the helo argument *for all
messages*, even ones that aren't using the null sender.

--j.


Meng Weng Wong | 1 Oct 03:08 2003

Re: [spf-discuss] using HELO instead of MAIL FROM with SPF

hm, then the scheme effectively becomes DHVP, which i have argued
against in the past.  in cases where the envelope sender cannot be
obtained i suggest you skip SPF altogether.  substituting the From: header
seems like the easy solution but may prove unwise.

On Tue, Sep 30, 2003 at 05:34:22PM -0700, Justin Mason wrote:
| 
| Yeah, I see that -- I mean using *just* the helo argument *for all
| messages*, even ones that aren't using the null sender.
| 

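The identity choice discussed in this thread, as an added Python sketch that is not part of the original posts and is not code from SpamAssassin or Mail::SPF::Query: use MAIL FROM when the site's MTA records it reliably, use HELO only for the null sender, and otherwise skip SPF rather than substituting HELO or the From: header. The function name, the `trusted_header` parameter and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def select_spf_identity(raw_message, helo, trusted_header=None):
    """Pick the SPF identity: ("mailfrom"|"helo", domain) or ("skip", reason).

    trusted_header (hypothetical parameter) names the header this site's own
    MTA is known to write, e.g. "Return-Path" or "X-Envelope-From"; None
    means the site has no reliable record of MAIL FROM.
    """
    if trusted_header is None:
        return ("skip", "envelope sender not recorded reliably")
    values = message_from_string(raw_message).get_all(trusted_header) or []
    if len(values) != 1:
        # Missing, or written by more than one relay: not trustworthy.
        return ("skip", "%d %s headers found" % (len(values), trusted_header))
    value = values[0].strip()
    if value == "<>":
        # Null sender (MAIL FROM: <>): the HELO name is the only identity left.
        return ("helo", helo.lower()) if helo else ("skip", "null sender, no HELO")
    local, sep, domain = parseaddr(value)[1].rpartition("@")
    if not (local and sep and domain):
        return ("skip", "unparseable envelope sender")
    # Never falls back to HELO or From: for a non-null sender.
    return ("mailfrom", domain.lower())

# Constructed sample messages (not taken from the thread).
NORMAL = "Return-Path: <bounce@lists.example.org>\nFrom: a@example.com\n\nhi\n"
BOUNCE = "Return-Path: <>\nFrom: MAILER-DAEMON@mx.example.net\n\nfailed\n"
NO_HEADER = "From: a@example.com\n\nhi\n"
DUPLICATE = "Return-Path: <x@one.example>\nReturn-Path: <y@two.example>\n\nhi\n"

if __name__ == "__main__":
    for name, raw in [("normal", NORMAL), ("bounce", BOUNCE),
                      ("no header", NO_HEADER), ("duplicate", DUPLICATE)]:
        print(name, select_spf_identity(raw, "mx.example.net", "Return-Path"))
```
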
wayne | 1 Oct 06:36 2003

Re: using HELO instead of MAIL FROM with SPF

In <20030930023137.EF34416FC7@...> jm <at> jmason.org (Justin
Mason) writes:

> How viable is this -- using the HELO domain instead of the MAIL FROM
> to use in the SPF check?
>
> I'm running into trouble with getting reliable MAIL FROM data from message
> headers, unless the MTA has been modified to add it specifically (many
> don't do this by default, including sendmail).
>
> "Return-Path" in particular is proving unreliable quite often. :(

Is finding a valid SMTP MAIL FROM address in the headers something
that will remain constant for a particular site, or will it depend on
the email that has been received?

It might be best if you skipped the SPF checks if you can't reliably
determine the SMTP MAIL FROM address.  Or, give it a lower score
unless you can determine that it is accurate.

Once upon a time, back when I was participating in the IRTF ASRG
mailing list, I implemented a "domain specific DNSBL", that was an
extremely simple version of SPF.  I hacked on SpamAssassin to do the
checking, and it seemed to work ok for the testing that I did.  It was
really a "proof of concept" to quiet those folks that were complaining
that such a system was "too hard to do".

See:
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg00686.html


Meng Weng Wong | 1 Oct 18:34 2003

RMX Reconciliation - A list has been setup

Keeping y'all in the loop --- we're going to work toward unification so
stay tuned for the future of SPF.

On Wed, Oct 01, 2003 at 12:07:04PM -0400, Yakov Shafranovich wrote:
| Hi folks,
| 
| Alan DeKok is coordinating this process. The following parties 
| are participating:
| 
| Coordinator - Alan DeKok
| Co-Chairs (monitoring) - Paul Judge, Yakov Shafranovich
| DNS RR Proposal - Hadmut Danisch
| DRIP Proposal - Raymond Brand, Laurence Sherzer, Richard Rognlie
| SPF Proposal - Meng Weng Wong
| Other proposals - David Green
| Interested third parties - Mike Ruble, Jose Marcio Martins da Cruz
| 
| The following proposals we are aware of:
| 
| http://www.ietf.org/internet-drafts/draft-danisch-dns-rr-smtp-02.txt
| http://www.ietf.org/internet-drafts/draft-fecyk-dsprotocol-04.txt
| http://www.ietf.org/internet-drafts/draft-brand-drip-01.txt
| http://www.irtf.org/asrg/draft-vixie-repudiating-mail-from.txt
| http://spf.pobox.com/draft-mengwong-spf-01.txt
| http://nospam.couchpotato.net/
| 
| Paul Vixie is unable to join but gave his permission to use his 
| proposal. Keep in mind that the DRIP proposal addresses a different area 
| than the others. I would also like all of you to consider other areas 
| where DNS might help with spam.

Justin Mason | 1 Oct 18:56 2003

Re: using HELO instead of MAIL FROM with SPF


wayne writes:
>In <20030930023137.EF34416FC7@...> jm <at> jmason.org (Justin Mason) writes:
>
>> How viable is this -- using the HELO domain instead of the MAIL FROM
>> to use in the SPF check?
>>
>> I'm running into trouble with getting reliable MAIL FROM data from message
>> headers, unless the MTA has been modified to add it specifically (many
>> don't do this by default, including sendmail).
>>
>> "Return-Path" in particular is proving unreliable quite often. :(
>
>Is finding a valid SMTP MAIL FROM address in the headers something
>that will remain constant for a particular site, or will it depend on
>the email that has been received?

It's site-specific.

Basically, in most current MTAs, the MAIL FROM address may be added
to the headers -- but as a standalone header, like Return-Path
or X-Envelope-From.   This header may be removed, replaced, or
left alone by later relays.

SpamAssassin can run in a variety of situations -- not just on the
external relay.  It can also be run on an internal machine (several
"trusted" relays in), or even behind a fetchmail hop.

Since we have no guarantee that a particular X-Envelope-From/Return-Path

wayne | 1 Oct 19:10 2003

Re: RMX Reconciliation - A list has been setup

In <20031001163415.GK2673@...> Meng Weng Wong
<mengwong <at> dumbo.pobox.com> writes:

> Keeping y'all in the loop --- we're going to work toward unification so
> stay tuned for the future of SPF.

Considering that one of the reasons why I support the SPF variant is
*because* it unified the best aspects of other similar proposals,
I see nothing but good from this.

-wayne
