headers
Philip Gladstone | 1 Nov 2003 15:09

SPF Auto responder

I have put up an auto responder at spftest@... It 
records where your message came from and then responds with a suggest 
SPF record. The record is based on all the messages that have been sent 
from users in that domain.

Please give it a try and let me know what you think.

Philip

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, 
please go to http://v2.listbox.com/member/?listname=spf-discuss-B7dvP5mc3PhiK979QBapAg <at> public.gmane.org
Permalink | Reply | 0 comments |
headers
Mark Lentczner | 1 Nov 2003 19:36
Gravatar

Anyone else going to Hackers?

Is anyone else on this list going to the Hacker's conference?  If there 
is a quorum, perhaps we should organize a BOF.

	- Mark

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, 
please go to http://v2.listbox.com/member/?listname=spf-discuss-B7dvP5mc3PhiK979QBapAg <at> public.gmane.org
Permalink | Reply | 0 comments |
headers
Meng Weng Wong | 3 Nov 2003 01:43
Picon

clay shirky on social software

i was reading this, and the "social-engineering" consequences of SPF
kept coming to mind; there are a number of high points in his essay that
i found relevant to the design challenges of SPF.

http://shirky.com/writings/group_enemy.html

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, 
please go to http://v2.listbox.com/member/?listname=spf-discuss-B7dvP5mc3PhiK979QBapAg <at> public.gmane.org
Permalink | Reply | 0 comments |
headers
Philip Gladstone | 3 Nov 2003 04:09

Additional thoughts

I have now recorded 72 different senders to my spftest email address and 
my regular email address. Most entries can be handled with 'mx'. Some of 
the rest is spam (I suspect joe-jobbed in some cases!), but there is a 
set which needs a ptr: mechanism which is the parent of the original 
domain. For example:

dumbo.pobox.com  needs a ptr:pobox.com

This leads me to the following:

* Extend the macro syntax that I described earlier to *all* mechanism 
arguments. Unify it with the exp macro syntax for uniformity.

* Add a number of macro qualifiers -- the digits 1 to 9. This is to be 
interpreted as the number of components to substitute.

Then the rule for dumbo.pobox.com could be    ptr:%{d2}

While you could argue that this is no simpler than ptr:pobox.com, I 
think it is conceptually cleaner.

Philip

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, 
please go to http://v2.listbox.com/member/?listname=spf-discuss-B7dvP5mc3PhiK979QBapAg <at> public.gmane.org
(Continue reading)

Permalink | Reply | 8 comments |
headers
Phil White | 3 Nov 2003 12:38
Picon

Re: .forward issues

Hi Marc,

On Thursday 30 October 2003 00:50, Marc wrote:
> I have to disagree with you about a portion of your message:
> > the admin of an MTA is opnly interested in 1 thing -
> > delivering legitimate email. Spam, worms/viri etc from forged
> > and non-existant addresses should be IMMEDIATELY rejected, not
> > bounced, by issuing a 5xx response at the DATA command. A forged
> > email is simply not allowed onto my server.
>
> Actually, I think that the first part of the above is exactly correct--the
> MTA admin is only interested in delivering legitimate email.  Bandwith
> costs and CPU costs are, for the most part, insignificant.  Especially when
> related to the costs of end-user time to process and discard mail.  Yes, a
> complete inbox of spam (let alone multiple mailboxes, or hundreds) can take
> up a serious amount of storage, but simply receiving a complete message and
> discarding it as spam does not take up permanent storage.  And as
> SPF+blacklisting becomes more effective, the bandwith will be reduced
> because less spam will be sent.

I would love to agree with your last sentence - at the moment I am just 
-hoping- that less spam will result!

I must confess to forming my views on a mix of other peoples opinions and my 
own personal experience - with a heavy slant to the former. OK, starage is 
not an issue for my server (though it is for me - I'm daft enough to keep 
copies of most spam for analysis later..!). Bandwidth, however, is an issue, 
and we ought to keep this in mind.

Random disjointed comments, as I am travelling today, and short on time...
(Continue reading)

Permalink | Reply | 501 comments |
headers
Meng Weng Wong | 3 Nov 2003 14:42
Picon

extending the macro syntax

On Sun, Nov 02, 2003 at 10:09:21PM -0500, Philip Gladstone wrote:
| 
| * Extend the macro syntax that I described earlier to *all* mechanism 
| arguments. Unify it with the exp macro syntax for uniformity.
| 
| * Add a number of macro qualifiers -- the digits 1 to 9. This is to be 
| interpreted as the number of components to substitute.
| 
| Then the rule for dumbo.pobox.com could be    ptr:%{d2}
| 
| While you could argue that this is no simpler than ptr:pobox.com, I 
| think it is conceptually cleaner.

That sounds good.  Is there anybody on this list who is experienced in
Perl and would like to help put these kinds of changes into the code?
We can afford a token payment of maybe $20/hr capped, mail me off-list
to discuss.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, 
please go to http://v2.listbox.com/member/?listname=spf-discuss-B7dvP5mc3PhiK979QBapAg <at> public.gmane.org
Permalink | Reply | 7 comments |
headers
seph | 3 Nov 2003 15:12

Re: .forward issues

Phil White <spf@...> writes:

> If a mail is fake, I have to REJECT it, and NOT (NEVER, UNDER ANY 
> CIRCUMSTANCES, ABSOLUTELY PROHIBITED {you get the idea!}) accept it, then 
> generate a bounce.

I believe most spam is sent through open relays, with bogus sender
information. REJECTing spam just makes the relay generate a bounce,
which is often to a valid address. Thus I've taken to just dropping
spam. It's not a solution I'm happy with, but I think it's better than
the alternatives.

seph

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, 
please go to http://v2.listbox.com/member/?listname=spf-discuss-B7dvP5mc3PhiK979QBapAg <at> public.gmane.org
Permalink | Reply | 0 comments |
headers
Philip Gladstone | 4 Nov 2003 02:56

Re: extending the macro syntax

I have a patch file at http://pond.gladstonefamily.net/Query.pf that 
updates 1.7pre1 to a version that handles a unified macro syntax.

I've also fixed the spftest@... responder to check
to 
see if your existing SPF record works (in the sense of saying 'allow'). 
If it does, then it tells you so. It also now returns macro syntax (in 
the one case of 'ptr:%{d2}').

I managed to lose the database of addresses, helo, etc that I had built 
up. I'm building it up again.

Philip

Meng Weng Wong wrote:

>On Sun, Nov 02, 2003 at 10:09:21PM -0500, Philip Gladstone wrote:
>| 
>| * Extend the macro syntax that I described earlier to *all* mechanism 
>| arguments. Unify it with the exp macro syntax for uniformity.
>| 
>| * Add a number of macro qualifiers -- the digits 1 to 9. This is to be 
>| interpreted as the number of components to substitute.
>| 
>| Then the rule for dumbo.pobox.com could be    ptr:%{d2}
>| 
>| While you could argue that this is no simpler than ptr:pobox.com, I 
>| think it is conceptually cleaner.
>
>That sounds good.  Is there anybody on this list who is experienced in
(Continue reading)

Permalink | Reply | 6 comments |
headers
Meng Weng Wong | 4 Nov 2003 03:29
Picon

Re: extending the macro syntax

On Mon, Nov 03, 2003 at 08:56:27PM -0500, Philip Gladstone wrote:
| I have a patch file at http://pond.gladstonefamily.net/Query.pf that 
| updates 1.7pre1 to a version that handles a unified macro syntax.
| 
| I've also fixed the spftest@... responder to check
to 
| see if your existing SPF record works (in the sense of saying 'allow'). 
| If it does, then it tells you so. It also now returns macro syntax (in 
| the one case of 'ptr:%{d2}').
| 

i have applied the patch, thanks.  can you propose a set of tests for
the new macro syntax?

1.7pre2 is now downloadable at the web site.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, 
please go to http://v2.listbox.com/member/?listname=spf-discuss-B7dvP5mc3PhiK979QBapAg <at> public.gmane.org
Permalink | Reply | 5 comments |
headers
Philip Gladstone | 4 Nov 2003 03:44

Re: extending the macro syntax

I'll try and put together some tests using my DNS server (which I can 
control). I'll let you have the records once I have that all working. 
What DNS server software do you use -- i..e what should the zone file 
look like. I'm using tinydns so that format would be best for me.

Philip

p.s. This is the current set of records that I have generated:

idigjesus.com     IN TXT "v=spf1 ptr:rr.com default=softdeny"
esmx10.mattel.com IN TXT "v=spf1 mx default=softdeny"
e.delta.com       IN TXT "v=spf1 ptr:%{d2} default=softdeny"
ebay.com          IN TXT "v=spf1 ptr default=softdeny"
lists.sourceforge.net IN TXT "v=spf1 mx default=softdeny"
dalsemi.com       IN TXT "v=spf1 ptr default=softdeny"
rcn.com           IN TXT "v=spf1 ptr:rcn.net default=softdeny"
syslang.net       IN TXT "v=spf1 mx default=softdeny"
v2.listbox.com    IN TXT "v=spf1 mx default=softdeny"
paypal.com        IN TXT "v=spf1 mx default=softdeny"
The SPF record at gladstonefamily.net looks good
returns.groups.yahoo.com IN TXT "v=spf1 ptr:%{d2} default=softdeny"
redhat.com        IN TXT "v=spf1 ptr default=softdeny"
Realtor.com       IN TXT "v=spf1 pi default=softdeny"

The idigjesus.com line was some mail order pharmacy spam. I have fairly 
agressive RBL filtering before it gets to this stage.

Meng Weng Wong wrote:

>On Mon, Nov 03, 2003 at 08:56:27PM -0500, Philip Gladstone wrote:
(Continue reading)

Permalink | Reply | 4 comments |

Gmane