On Fri, 23 Jul 2004, Lloyd Zusman wrote: > "Stuart D. Gathman" <[EMAIL PROTECTED]> writes: > > > On Thu, 22 Jul 2004 [EMAIL PROTECTED] wrote: > > > >> Again, Meng, thank you for the pointers. My preference is strongly in > >> favour TMDA right now. Perhaps SPF can integrate with it somehow... > > > > Please! Please! Please stop TMDA installations from sending their > > stupid confirmation email for messages with SPF fail (i.e. that I > > never sent)! [ ... ] > > > > [ ... ] > > > > But, if every TMDA installation would refrain from sending responses > > for messages that fail SPF, then they could part of the solution instead > > of part of the problem. > > You should send this message to the tmda-users mailing list.
> FYI: on my site, I reject SPF fail messages before TMDA gets invoked > at all. So I guess by your reckoning, I'm part of the solution. :) > > On the tmda-users mailing list, we can discuss how to do this. When a TMDA installation replies to forged email, it becomes a spammer just as annoying as stupid virus filters or mailing lists that reply to forged email. By checking SPF for an alleged sender before generating a reply, TMDA and other responders can avoid swamping innocent users with unsolited confirmations. This will also encourage more senders to publish SPF since doing so will help stop the unsolicited replies. SPF is a way for senders to publish via DNS which mail servers are authorized, not authorized, maybe authorized, or probably not authorized to send mail for a domain. These query results are known as PASS, FAIL, NEUTRAL, and SOFTFAIL. If no SPF record has been published, the result is NEUTRAL (except some implementations supply a default based on local policy). An auto-responder like TMDA should reject and never respond to mail with an SPF result of FAIL. The official SPF site is at: http://spf.pobox.com Since TMDA is a python project, you might be interested in my Python implementation of SPF in a Python milter: http://bmsi.com/python/milter.html -- Stuart D. Gathman <[EMAIL PROTECTED]> Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154 "Confutatis maledictis, flamis acribus addictis" - background song for a Microsoft sponsored "Where do you want to go from here?" commercial. _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
