> Michael Monnerie wrote:
> > On Sunday, 25 September 2005 01:35 Steve wrote:
> >> Sorry if this is really simple... any advice would be useful.
> >
> > Not a lot, but SPF helps for that scenario. See http://spf.pobox.com
> >
>
> (Pierre replied):
> I agree; SPF is about the only defense. For the last few
> days an address in one of our low-traffic domains has been
> joe-jobbed, and our DNS servers show hundreds of TXT queries
> to that domain from all over the world. Obviously some mail
> servers are checking and (hopefully) rejecting the spam. And
> we are rejecting bounces to the joe-jobbed address, since it
> isn't a valid user address.
>
> Pierre Thomson
While I am a (semi)advocate of SPF, we should inform
the original poster what SPF will likely do and not
do:
1) His email servers will be 'authorized' to send
and if he terminates the SPF record with -all
those forging email "in his name" will be
explicitly unauthorized.
2) Some SMTP servers (but not enough) will check this
and disallow forged email from those authorized
servers
3) A few will use the SPF to recognize that he is not
the sender and suppress their BOUNCE notifications,
but few are in this group because any email admin
stupid enough to still be BOUNCING to unauthenticated
addresses is probably too clueless to use SPF
to ameliorate the situation.
4) He can at least have DENIABILITY if anyone accuses him,
in a material way, of originating the forged emails.
SPF is the right thing to do -- but the benefits have
not yet reached their potential.
He must also watch out for sneaky users "forwarding" their
email or using "other SMTP servers" with their email
address -- probably such (random) forwarding/sending
by users will be "unauthorized" as well.
--
Herb Martin