Here are some of my stats that back up what Matt has said about SPF-Pass. Almost 2/3 spam here.
 
I'm concerned with all the port 25 blocking and people being forced to use the ISP mail servers, how is SPF going to adapt to that?
Are they going to come up with SPF-FAIL results, which would certainly weaken that test?
Or is everyone going to play it safe and we'll end up with lots of SPF-Unknowns which can't be scorable?

Test         Month       Count     Ham      Spam      Unknown
SPFFAIL      4/1/2004    1443      8        1421      14
SPFFAIL      5/1/2004    2268      25       2240      3
SPFFAIL      6/1/2004    4006      126      3872      8
SPFFAIL      7/1/2004    6100      30       6065      5
SPFFAIL      8/1/2004    10215     66       10143     6
SPFPASS      4/1/2004    1733      1688     30        15
SPFPASS      5/1/2004    2838      2205     610       23
SPFPASS      6/1/2004    2699      1925     736       38
SPFPASS      7/1/2004    4173      2358     1761      54
SPFPASS      8/1/2004    10268     3963     6202      103
SPFUNKNOWN   6/1/2004    63247     6661     56375     211
SPFUNKNOWN   7/1/2004    269416    29890    238469    1057
SPFUNKNOWN   8/1/2004    318981    32078    285667    1236
 
----- Original Message -----
From: Matt
Sent: Saturday, September 11, 2004 12:03 PM
Subject: Re: [Declude.JunkMail] SPF Records and Off-Network Customers

I believe that SPF is almost all hype and hardly any value to speak of.

It was originally intended to authenticate hosts, but spammers quickly caught on and started giving themselves SPF records ( http://netscape.com.com/2100-1009_22-5357269.html?part=netscape&subj=technews&tag=mynetscape ).  I believe that SPF Pass will soon be primarily spam hits and that study that I linked to said it was already 1/6 of all such results.

Then there is the issue where many domains might use forwarding, E-mail scripts, sites that use E-mail scripts, or any number of different servers, meaning that most are inappropriate for anything but an 'Unknown' record.  Now some administrators will claim a modicum of usefulness to having the Unknown records, although I don't see it, and others appreciate those that do specify their source IP's, I don't see it and let me clearly state why.  First off, it's not SPF that is scoring your E-mail, and even some administrators around here have suggested blocking on SPF Fail alone.  So if I had a domain that had only one server to send from, but I used an E-mail script somewhere for an inquiry to a company that blocks on SPF Fail, I would be shooting myself in the foot.  There are enough people out there misconfiguring their SPF records, and enough people out there that have too much confidence IMO in people setting up their own records to turn this from a minor benefit into a less accurate than desirable solution, and it will only get worse in time as the less aware start implementing them with a one-click solution to limit all E-mail just to one server as far as SPF goes.  There are even administrators out there that have indicated that they would give SPF Unknown results a score.

Personally I refuse to implement SPF because I don't want to give less aware/experienced administrators another tool that they can use to potentially block my customer's legitimate E-mail.  I am also somewhat surprised that so many people are waving the banner of SPF.  The only reason IMO to support SPF is to hope that with the support, it turns into something worthwhile down the road after significant modification.

Seems to me that pushing SPF currently is done more to say that you do it rather than for what SPF does, a.k.a. a buzzword.

Matt




David Dodell wrote:
Saturday, September 11, 2004, 7:04:55 AM, Darin Cox wrote:

  
Yes.  One of the flaws of SPF.  However, you can also use a weaker SPF
record that says basically that you don't know what mail server it is coming
from.  Not much point in that except to say that you're using SPF, though I
suppose it might be possible that a particular mail admin might penalize
sites that haven't implemented SPF in spam weighting.
    

This is not good ... I don't see SPF becoming a useful tool, since I
have a few customers in this particular situation, and without
widespread SPF implementation I don't see it particularly helpful.

  
A caveat on the above flaw: SPF does have the ability to reference another
domain's SPF records, so if the ISP in question has implemented SPF you
should be able to "inherit" their SPF implementation by referencing it in
your own.  I haven't had an occasion to try that out yet, though.
    

But this requires me to keep up each customer's ISP ... what a pain.

And what happens when one travels?   I was traveling a few weeks ago,
and the hotel's IP connection had port 25 blocked ... so I couldn't
use my own SMTP server remotely using SMTP AUTH.  I called the hotel's
ISP and they opened up port 25 for my room's IP for my stay since I
was going to be there for a week, but the average person is not going
to do this.



  

-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
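
Added example, not part of the original thread: a small SPF evaluator showing the three record styles discussed above (a strict single-server record, a record that "inherits" the ISP's record through include:, and the weaker ?all record). The domains, IP addresses and the DNS_TXT table are constructed for illustration, only the ip4, include and all mechanisms are handled, and result names follow RFC 7208.

```python
import ipaddress

# Constructed TXT records: hypothetical domains, documentation-range addresses.
DNS_TXT = {
    "isp.example":     "v=spf1 ip4:198.51.100.0/24 -all",
    "strict.example":  "v=spf1 ip4:192.0.2.10 -all",
    "inherit.example": "v=spf1 ip4:192.0.2.10 include:isp.example -all",
    "weak.example":    "v=spf1 ?all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate a subset of SPF (ip4, include, all), terms left to right."""
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                      # domain publishes no SPF record
    if depth > 10:                         # guard against include loops
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # include matches only when the referenced record yields pass;
            # a fail inside the included record does not propagate outward.
            # Simplification: a missing included record is a non-match here.
            matched = check_spf(term[8:], sender_ip, depth + 1) == "pass"
        else:
            return "permerror"             # mechanism outside this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                       # no term matched


if __name__ == "__main__":
    isp_relay = "198.51.100.25"            # customer forced onto the ISP's server
    for name in ("strict.example", "inherit.example", "weak.example"):
        print(name, check_spf(name, isp_relay))
```

Mail relayed through the ISP's server fails under the strict record, passes once the ISP's record is included, and is neutral under ?all, which gives a receiver nothing to score.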
