Good evening,
within a few days we've spams from domains that has "+all" in the
TXT spf record. I was thinking that I'll make a plugin that check this
records and add some point to this email, but I do not know perl. Are
there some other options ? Does anybody solve this problems ?
Th
On Wed, 2012-07-11 at 21:34 +0200, Josef Karliak wrote:
> Good evening,
>within a few days we've spams from domains that has "+all" in the
> TXT spf record.
>
All SPF can do is check that the sender has a valid IP for that domain,
i.e. that the sender's domain wasn't forged. SPF cannot and sh
On Wed, 11 Jul 2012, Martin Gregorie wrote:
On Wed, 2012-07-11 at 21:34 +0200, Josef Karliak wrote:
within a few days we've spams from domains that has "+all" in the
TXT spf record.
how are you proposing to improve on what SA currently does?
Adding a point for a domain that says "email f
On 07/11, Josef Karliak wrote:
> within a few days we've spams from domains that has "+all" in the
> TXT spf record. I was thinking that I'll make a plugin that check
> this records and add some point to this email, but I do not know
Your best chance may be to open a spamassassin bug requesting
On 7/11/12 3:45 PM, "Martin Gregorie" wrote:
> On Wed, 2012-07-11 at 21:34 +0200, Josef Karliak wrote:
>> Good evening,
>>within a few days we've spams from domains that has "+all" in the
>> TXT spf record.
>>
> All SPF can do is check that the sender has a valid IP for that domain,
> i.e.
Den 2012-07-11 21:34, Josef Karliak skrev:
within a few days we've spams from domains that has "+all" in the
TXT spf record.
spamassassin does give -100 in score for spf_pass ? :=)
I was thinking that I'll make a plugin that check this
records and add some point to this email, but I do not kn
Den 2012-07-11 23:17, John Hardin skrev:
Adding a point for a domain that says "email from all possible IP
addresses is valid" may be justifiable.
problem is when webhotels make default +all and hosted domains dont
have control over there full dns, should this domain so be listed as
spammers
On Thu, 12 Jul 2012, Benny Pedersen wrote:
Den 2012-07-11 23:17, John Hardin skrev:
Adding a point for a domain that says "email from all possible IP
addresses is valid" may be justifiable.
problem is when webhotels make default +all and hosted domains dont have
control over there full dn
Den 2012-07-12 00:22, dar...@chaosreigns.com skrev:
That's a *really* unprofessional way to say "Everything in this
domain
passes SPF."
it will be more unproffessional to treat +all as a spammy sign, atleast
in spf terms
spamassassin does not need to test +all, show an example where spamme
On Thu, 12 Jul 2012, Benny Pedersen wrote:
Den 2012-07-12 00:22, dar...@chaosreigns.com skrev:
That's a *really* unprofessional way to say "Everything in this domain
passes SPF."
it will be more unproffessional to treat +all as a spammy sign, atleast in
spf terms
Not if it actually occu
Den 2012-07-12 01:26, John Hardin skrev:
"adding a point" is different from "listing as spammers".
yes make more meta would solve things as +all, i have not seen it as a
problem with domains that use +all here, there is more domains that
creates invalid spf, and dont want to resolve the prob
Am 11.07.2012 21:34, schrieb Josef Karliak:
> Good evening,
> within a few days we've spams from domains that has "+all" in the TXT
> spf record. I was thinking that I'll make a plugin that check this
> records and add some point to this email, but I do not know perl. Are
> there some other opt
On Thu, 12 Jul 2012 08:50:59 +0200
Robert Schetterer wrote:
> spf does not solve spam problems in general, its may only one from
> many parameters for spam tagging check
Indeed. I *never* subtract points for an SPF "pass" except for a very
few select domains that I trust. I only ever use SPF t
Hi everybody,
thanks for answers.
Many of the "spamming" domains has a TXT record:
"v=spf1 +all".
Or the name record types and at the end of the record they put
"+all" anyway. So I can send spam by theirs domain, I'm authorized by
this record. That is wrong. Ok, not everyone uses onl
Den 2012-07-12 09:33, Josef Karliak skrev:
"v=spf1 +all".
if i find a domain with just that i perm reject this domain in mta
without spf testing
I tried "META ..." mentioned in some post, I'll see.
maybe it helps spammers ? :=)
if its your own domain as sender one could ask sender f
Den 2012-07-12 08:50, Robert Schetterer skrev:
i wouldnt invest time in it
spf does not solve spam problems in general, its may only one from
many
parameters for spam tagging check
currect
any spammer can have valid spf records, also strict ones
also any legal mail sender
currect
in de
On Thu, 12 Jul 2012 08:50:59 +0200
Robert Schetterer wrote:
> Am 11.07.2012 21:34, schrieb Josef Karliak:
> > Good evening,
> > within a few days we've spams from domains that has "+all" in the
> > TXT spf record. I was thinking that I'll make a plugin that check
> > this records and add some
On Thu, 2012-07-12 at 13:35 +0200, Benny Pedersen wrote:
> Den 2012-07-12 09:33, Josef Karliak skrev:
>
> > "v=spf1 +all".
>
> if i find a domain with just that i perm reject this domain in mta
> without spf testing
>
That sounds like a good idea. Can the SPF plugin recognise overly
permissiv
On Thu, 12 Jul 2012, Martin Gregorie wrote:
I'd suggest that any SPF record containing '+all' and possibly '?all'
too, should trigger an SPF_PERMISSIVE rule rather than SPF_PASS so we
can distinguish an authorised server in a tightly controlled domain from
servers claiming to be part of a domain
Em Wed, 11 Jul 2012 18:22:49 -0400
dar...@chaosreigns.com escreveu:
> On 07/11, Josef Karliak wrote:
> > within a few days we've spams from domains that has "+all" in the
> > TXT spf record. I was thinking that I'll make a plugin that check
> > this records and add some point to this email, but
On Thu, 2012-07-12 at 12:17 -0700, John Hardin wrote:
> On Thu, 12 Jul 2012, Martin Gregorie wrote:
>
> > I'd suggest that any SPF record containing '+all' and possibly '?all'
> > too, should trigger an SPF_PERMISSIVE rule rather than SPF_PASS so we
> > can distinguish an authorised server in a ti
On Thu, 12 Jul 2012 21:37:36 +0100
Martin Gregorie wrote:
> True enough. I just wanted to provide a concrete example of extra
> stuff the plug-in could do and why that could be useful. It hadn't
> occurred to me until just now that SPF_PASS can be triggered by
> slovenly and/or careless SPF confi
On 7/13/2012 4:57 AM, David F. Skoll wrote:
> On Thu, 12 Jul 2012 21:37:36 +0100
> Martin Gregorie wrote:
>
>> True enough. I just wanted to provide a concrete example of extra
>> stuff the plug-in could do and why that could be useful. It hadn't
>> occurred to me until just now that SPF_PASS can
On Fri, 13 Jul 2012, David F. Skoll wrote:
SPF has *never* been advocated as an anti-spam measure by the people
who developed it.
Agreed, but that does not mean under certain circumstances it cannot be
useful as a spam indicator.
And looking for +all or ?all is not enough; you can easily s
On Fri, 13 Jul 2012 07:33:34 -0700 (PDT)
John Hardin wrote:
> So does that mean it may be legitimate to treat an SPF PASS as
> "something bad" if the SPF rule is defined in an "abusive" manner?
Absolutely. If you do not want to receive mail from a certain
domain and it passes SPF, then there's
Den 2012-07-13 16:33, John Hardin skrev:
So does that mean it may be legitimate to treat an SPF PASS as
"something bad" if the SPF rule is defined in an "abusive" manner?
meta __META_DNSWL_ANY (RCVD_IN_DNSWL_HI || RCVD_IN_DNSWL_MED ||
RCVD_IN_DNSWL_LOW)
meta META_SPF_DNSWL (__META_DNSWL_ANY
Den 2012-07-13 17:02, David F. Skoll skrev:
Absolutely. If you do not want to receive mail from a certain
domain and it passes SPF, then there's pretty good evidence the
mail really *is* from that domain and that you can apply your
domain policy.
bingo, if more recipients do this +all will cha
On Fri, 2012-07-13 at 07:33 -0700, John Hardin wrote:
>
>snippage
> If checking for +all is justified then checking for */1 through */8 would
> probably also be justified, perhaps with firing different rule so that a
> different score could be applied.
>
>more snippage
> So does that m
On Fri, 13 Jul 2012, Martin Gregorie wrote:
On Fri, 2012-07-13 at 07:33 -0700, John Hardin wrote:
>snippage
If checking for +all is justified then checking for */1 through */8 would
probably also be justified, perhaps with firing different rule so that a
different score could be applied
> From: John Hardin [mailto:jhar...@impsec.org]
>
> Agreed. I was speculating that multiple variants of SPF_PERMISSIVE
> might be justified, e.g. SPF_PERMISSIVE_ALL, SPF_PERMISSIVE_1,
> SPF_PERMISSIVE_8, etc. However, it is only speculation; I have no
> data to support that level of complexity bei
Den 2012-07-13 19:44, Giampaolo Tomassoni skrev:
Our hypothetic plugin could merge together CIDRs via
Net::CIDR::Lite->add()
and get the resultant merged, non-overlapping CIDRs via ->list(),
then count
the size of the allowed addresses (via something like 2^(32 -
cidr_prefix))
and fire rules
No, I'm not meaning that. I'm instead following the Hardin suggestion, which
works better with mass-check.
I'm suggesting to use CIDR::Lite to avoid being fooled by stuff like
+128.0.0.0/1 +0.0.0.0/1...
Giampaolo
Benny Pedersen ha scritto:
Den 2012-07-13 19:44, Giampaolo Tomassoni skrev:
>
On 07/12/2012 09:01 AM, David F. Skoll wrote:
> On Thu, 12 Jul 2012 08:50:59 +0200
> Robert Schetterer wrote:
>
>> spf does not solve spam problems in general, its may only one from
>> many parameters for spam tagging check
> Indeed. I *never* subtract points for an SPF "pass" except for a very
>
On Thu, 12 Jul 2012 09:08:19 +0200
"Andrzej A. Filip" wrote:
> Would you suggest/recommend using spf-bayes?
> [auto-learning of "worth" of given domain SPF record]
That is an interesting idea... store tokens like:
example.com*spf-pass
and compute probabilities.
A while ago, I did an inf
Am 12.07.2012 09:08, schrieb Andrzej A. Filip:
> On 07/12/2012 09:01 AM, David F. Skoll wrote:
>> On Thu, 12 Jul 2012 08:50:59 +0200
>> Robert Schetterer wrote:
>>
>>> spf does not solve spam problems in general, its may only one from
>>> many parameters for spam tagging check
>> Indeed. I *never
On Thu, 2012-07-12 at 03:20 -0400, David F. Skoll wrote:
> On Thu, 12 Jul 2012 09:08:19 +0200
> "Andrzej A. Filip" wrote:
>
> > Would you suggest/recommend using spf-bayes?
> > [auto-learning of "worth" of given domain SPF record]
>
> That is an interesting idea... store tokens like:
>
>
Den 2012-07-12 09:20, David F. Skoll skrev:
it's still the case because SPF is now more widely adopted than
before. (Spammers tend to be early adopters of technology.)
thay are properly implementing dmarc into spamassassin right now :)
37 matches
Mail list logo