[swinog] SwiNOG-BE46 - Beer Event 46 - 19th of February 07 @ Don Weber/Zurich

2007-02-14 Thread Steven.Glogger 
hi all

sorry, i'm quite late and reservation deadline is friday ,-( 
but next monday is the next planned beer event (just aside TIX) ,-)

the facts for the next event:
-
Date: 19th of February 2007 

Time: starting around 18.30 o'clock 

Location: @ the "Don Weber" (Hardstrasse 316, Near TIX). It's between
the Escher-Wys Platz and the Cinemax.

Registration deadline: Friday, 16.02.2007 21:00:00 


Registration:
-
Please register here: http://swinog.mrmouse.ch/ Since we have to make
reservations, i need to know who's coming and who not. 
If you cannot attend and you're registered please inform me asap.

Important: If someone cannot find us: call me on my mobile: 079 / 277 92
35

greetings

-steven
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] SwiNOG-BE46 - Beer Event 46 - 19th of February 07 @ Don Weber/Zurich

2007-02-14 Thread Pim van Pelt 
Hoi!

| sorry, i'm quite late and reservation deadline is friday ,-( 
| but next monday is the next planned beer event (just aside TIX) ,-)

I'm in transit from NL to CH on that date - as a new comer (I came 
through AS8954, then AS12859, and started at AS15169 last August) I've
sort of gotten out of touch of the NLnog folks. I am looking forward to
meeting people in Switzerland, that can talk ISIS and BGP with me :)

mfg!

-- 
-- - -- - -+- - -- - --
Pim van Pelt Email: [EMAIL PROTECTED]
http://www.ipng.nl/ IPv6 Deployment
---
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] to SPF or not to SPF

2007-02-14 Thread Daniel . Blaser 
Hi Maillist,

SPF is starting to become a topic at our company again - ^^ - and I'm
now interested:

- who does not use SPF
- who implemented SPF DNS entries
- who uses SPF for matching
- who fully uses SPF ^^ lolz

I'm just trying to get a general feeling again about what the
community thinks about SPF.

Kind regards,

Daniel 
-- 
Daniel BlaserSystem Engineer ISP
Abt. Lie-Comtel  Tel: +423 / 236 17 60
Liechtensteinische KraftwerkeFax: +423 / 236 17 41
Im alten Riet 17, 9494 SchaanWeb: http://www.lkw.li___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

AW: [swinog] to SPF or not to SPF

2007-02-14 Thread Mike Kellenberger 
Hi Daniel
 
We're using SPF DNS entries for our own domain and on demand the domains
of our customers.
We're checking SPF entries on our spamfilter and filtering ~and -
entries
 
My 2cents: If SPF ist setup correctly, it makes sense for those who
check it and doesn't hurt those who don't...
 
Regards,
 
Mike

--
Mike Kellenberger  [EMAIL PROTECTED]
Escapenet - the Web Company   Tel +41 52 235 0700
http://www.escapenet.ch 
Skype mikek70atwork

 



Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von
[EMAIL PROTECTED]
Gesendet: Mittwoch, 14. Februar 2007 15:35
An: swinog@swinog.ch
Betreff: [swinog] to SPF or not to SPF



Hi Maillist,

SPF is starting to become a topic at our company again - ^^ - and I'm
now interested:

- who does not use SPF
- who implemented SPF DNS entries
- who uses SPF for matching
- who fully uses SPF ^^ lolz

I'm just trying to get a general feeling again about what the
community thinks about SPF.

Kind regards,

Daniel 
-- 
Daniel BlaserSystem Engineer ISP
Abt. Lie-Comtel  Tel: +423 / 236 17 60
Liechtensteinische KraftwerkeFax: +423 / 236 17 41
Im alten Riet 17, 9494 SchaanWeb: http://www.lkw.li
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] to SPF or not to SPF

2007-02-14 Thread Claudio Jeker 
On Wed, Feb 14, 2007 at 03:35:03PM +0100, [EMAIL PROTECTED] wrote:
> Hi Maillist,
> 
> SPF is starting to become a topic at our company again - ^^ - and I'm
> now interested:
> 
> - who does not use SPF
> - who implemented SPF DNS entries
> - who uses SPF for matching
> - who fully uses SPF ^^ lolz
> 
> I'm just trying to get a general feeling again about what the
> community thinks about SPF.
> 

We are not using it, will not use it and still think that SPF is
fundamentially broken. Many valid SPF mails are actually SPAM and many SPF
entries use wildcard entries turning it useless.

-- 
:wq Claudio
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

RE: [swinog] to SPF or not to SPF

2007-02-14 Thread Steven.Glogger 
we're not using spf at all.
i think there's every year a new discussion about it. check out the
archive ;-)
 
-steven



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, February 14, 2007 3:35 PM
To: swinog@swinog.ch
Subject: [swinog] to SPF or not to SPF



Hi Maillist,

SPF is starting to become a topic at our company again - ^^ - and I'm
now interested:

- who does not use SPF
- who implemented SPF DNS entries
- who uses SPF for matching
- who fully uses SPF ^^ lolz

I'm just trying to get a general feeling again about what the
community thinks about SPF.

Kind regards,

Daniel 
-- 
Daniel BlaserSystem Engineer ISP
Abt. Lie-Comtel  Tel: +423 / 236 17 60
Liechtensteinische KraftwerkeFax: +423 / 236 17 41
Im alten Riet 17, 9494 SchaanWeb: http://www.lkw.li
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] to SPF or not to SPF

2007-02-14 Thread Norbert Bollow 
[EMAIL PROTECTED] wrote:
> I'm just trying to get a general feeling again about what the
> community thinks about SPF.

Here's my view:

Use DomainKeys instead of SPF.  DomainKeys serves the same purpose,
but doesn't share the fundamental brokenness of SPF.

SPF should be avoided because it's fundamentally broken:  If you
publish an SPF record with a "-all" directive (if you don't have
that, SPF doesn't allow to reject forgeries, which makes SPF pretty
pointless IMO) and you send mail to an email account on my mailserver
via a forwarder (RFC1123 requires internet hosts to support mail
forwarding, and it's a relatively widely used feature) your mail will
bounce if my mailserver checks SPF unless I whitelist every host which
forwards mail for one of my users.  But that isn't feasible because I
can't expect my users to understand the brokenness of SPF and tell me
about each forwarder someone is using.

Greetings,
Norbert.


-- 
Norbert Bollow <[EMAIL PROTECTED]>http://Norbert.ch
President of the Swiss Internet User Group SIUG  http://SIUG.ch
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] to SPF or not to SPF

2007-02-14 Thread Bernard Dugas 

Bonjour,

Norbert Bollow wrote:

Use DomainKeys instead of SPF.  DomainKeys serves the same purpose,
but doesn't share the fundamental brokenness of SPF.


And why not using the existing authentication protocol on outgoing smtp 
server ? So the sender can use the smtp server of the provider of its 
email address from any network and SPF can work without any problem.


Did i forget anything ?

Best regards,
--

 __ Bernard DUGAS 
| |
|  Technoparc Pays de Gex  mailto:[EMAIL PROTECTED] |
|  30 Rue Auguste Piccard   Tel.: +33 615 333 770 |
| FR 01630 St Genis Pouilly Fax : +33 450 205 106 |
|_|

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] to SPF or not to SPF

2007-02-14 Thread Roger Buchwalder 

Hello Bernard

That would be a nice solution, but explain that to a user...

cheers
rog

Bernard Dugas schrieb:

Bonjour,

Norbert Bollow wrote:

Use DomainKeys instead of SPF.  DomainKeys serves the same purpose,
but doesn't share the fundamental brokenness of SPF.


And why not using the existing authentication protocol on outgoing smtp 
server ? So the sender can use the smtp server of the provider of its 
email address from any network and SPF can work without any problem.


Did i forget anything ?

Best regards,

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] to SPF or not to SPF

2007-02-14 Thread Adrian Ulrich 
> And why not using the existing authentication protocol on outgoing smtp 
> server ? So the sender can use the smtp server of the provider of its 
> email address from any network and SPF can work without any problem.

How would this solve the forwarding problem?

And how are you going to teach everybody to stop doing something that
has been working fine for years?

Just have a look at
 http://old.openspf.org/srspng.html

Yieks!




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] to SPF or not to SPF

2007-02-14 Thread Viktor Steinmann 
Nowadays, every sicko can buy a .com domain for 9$ or even less. 
Spammers buy domains, put correct SPF records in their zonefiles and 
throw the domain away afterwards... (just like you did with hotmail 
accounts a few years back :-))


So IMHO DNS based spam fighting doesn't work. At least not the SPF way...

Cheers,
Viktor

Bernard Dugas wrote:

Bonjour,

Norbert Bollow wrote:

Use DomainKeys instead of SPF.  DomainKeys serves the same purpose,
but doesn't share the fundamental brokenness of SPF.


And why not using the existing authentication protocol on outgoing smtp 
server ? So the sender can use the smtp server of the provider of its 
email address from any network and SPF can work without any problem.


Did i forget anything ?

Best regards,

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] to SPF or not to SPF

2007-02-14 Thread Bernard Dugas 

Roger Buchwalder wrote:

That would be a nice solution, but explain that to a user...


We did it, and that was fine as they are only 2 boxes to click on 
outlook/outlookexpress, and still easy enough on mozilla/thunderbird 
with more mature users :-)


All are very happy as they don't have to change their outgoing smtp when 
they move.


We were also afraid at the beginning, and it is now a commercial advantage.

Best regard,
--

 __ Bernard DUGAS 
| |
|  Technoparc Pays de Gex  mailto:[EMAIL PROTECTED] |
|  30 Rue Auguste Piccard   Tel.: +33 615 333 770 |
| FR 01630 St Genis Pouilly Fax : +33 450 205 106 |
|_|

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] to SPF or not to SPF

2007-02-14 Thread Bernard Dugas 

Adrian Ulrich wrote:
And why not using the existing authentication protocol on outgoing smtp 
server ? So the sender can use the smtp server of the provider of its 
email address from any network and SPF can work without any problem.



How would this solve the forwarding problem?


Sorry, i don't understand the forwarding problem...


And how are you going to teach everybody to stop doing something that
has been working fine for years?


We have sent an email and had some more calls during 1st week afer 
email. But you can take the rythm you want to make people change, as the 
2 systems can work together.


Best regards,
--

 __ Bernard DUGAS 
| |
|  Technoparc Pays de Gex  mailto:[EMAIL PROTECTED] |
|  30 Rue Auguste Piccard   Tel.: +33 615 333 770 |
| FR 01630 St Genis Pouilly Fax : +33 450 205 106 |
|_|

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] to SPF or not to SPF

2007-02-14 Thread Bernard Dugas 

Viktor Steinmann wrote:
Nowadays, every sicko can buy a .com domain for 9$ or even less. 
Spammers buy domains, put correct SPF records in their zonefiles and 
throw the domain away afterwards... (just like you did with hotmail 
accounts a few years back :-))


Sure, but at least, I know that no spamming is coming from my users and 
my outgoing smtp : small satisfaction for a small network :-)


But i can imagine large networks will not even care about that...

Best regards,
--

 __ Bernard DUGAS 
| |
|  Technoparc Pays de Gex  mailto:[EMAIL PROTECTED] |
|  30 Rue Auguste Piccard   Tel.: +33 615 333 770 |
| FR 01630 St Genis Pouilly Fax : +33 450 205 106 |
|_|

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] to SPF or not to SPF

2007-02-14 Thread Michael Naef 
On Wednesday 14. February 2007 22:15, Bernard Dugas wrote:
> Adrian Ulrich wrote:
> >>And why not using the existing authentication protocol on
> >> outgoing smtp server ? So the sender can use the smtp
> >> server of the provider of its email address from any
> >> network and SPF can work without any problem.
> >
> > How would this solve the forwarding problem?
>
> Sorry, i don't understand the forwarding problem...

http://en.wikipedia.org/wiki/Sender_Policy_Framework

> > And how are you going to teach everybody to stop doing
> > something that has been working fine for years?

SPF has two major problems:

1. Serious design flaws (such as the forwarding problem).

2. Peopele who don't understand SPF. If the not-understandig is a 
mailserver admin it gets fatal (and lots of them are).

Both leads to legitimate rejected mail (And not just "some" false 
positives, sometimes complete domains get locked out by 
mailservers).

So consider

* Think twice before publishing SPF Records for your Domains. 
There are admins in the wild who treat "neutral" as "hard fail".

* I use SPF to reject mails with spoofed origings from my private 
mailserver. The number of rejected mails because of failed SPF 
checks is less than one percent of all REJECTED email. If I 
wouldn't be doing it for studies about mail, SPAM and means 
against it I'd completely let it be. It's not worth the effort 
to support a standard which is broken by design and so rarely 
used.

Michi

-- 
George Orwell was an optimist.
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog