2007/8/27, Marc Perkel <[EMAIL PROTECTED]>: > > > > Luis Hernán Otegui wrote: > 2007/8/27, Marc Perkel <[EMAIL PROTECTED]>: > > > Meng Weng Wong wrote: > > > On Aug 27, 2007, at 11:39 AM, Kelson wrote: > > > > Jason Bertoch wrote: > > > Is it wise to blacklist both, or is this yet another case where SPF > has failed > to meet projections? > > It's a case where the spammer has just handed you useful information: > You know for sure that the domain name is, indeed, the spammer's > domain name, and not an innocent third-party's. Blacklist it without > hesitation! > > > Yes, that usage was exactly the design intent of SPF. > > Once you move from IP to domain reputation, you can do many > interesting things. > > For example, you can go from the known-bad domain to its nameservers. > > You can then go from those nameservers to detect other bad domains. > > The URIBL plugin associates URL -> domain -> IP -> reputation lookup. > > I am writing a similar plugin that associates domain -> NS -> > reputation lookup. > > > > Meng - you are doing the email community a huge disservice with SPF. I > wish you'd just end this lie because SPF is less than useless. I breaks > existing forwarding standards and it causes false positives. SPF DOESN'T > WORK! > > If my two cents worth anything here, Marc, you're the one doing a > major damage to the email community by trying to reduce everything to > DNS lookups. > > Without going into technical arguments about your practices, you're > treating us who don't do as you do as mere stupids. And that, IMHO, is > a terrible simplification. If you find you're in the right path FOR > YOUR SITUATION, that's ok with me. But you CANNOT become a fanatic and > begin yelling to the rest of us that we're going to hell because we > don't agree with you. Qouting Einstein, "Only a fool confuses reality > with the model. Such a simplification leads to a narrow mind"... > > Now, on the technical hand, SPF is an anti-forgery tool, as was said > earlier in this discussion. I publish my records for anyone to know if > a message which claims to come from my servers (or at least, my > domain) is legit or not. If you run majordomo mor mailman based lists, > the forwarding issue goes down... Or you could just rewrite your SPF > records to include the domains that get forwarded usually, as I do > between the two major domains I manage... > > Peace, > > Luis > > > > Juis - you have 2 domains. I have 1600 domains. I have no control over > other domains that people forward to domains that I filter for. So if I used > SPF then I would be bouncing a LOT of good emaim from domiains that I don't > control. No, I said I have TWO PRIMARY DOMAINS. I host/have 25 different domains, some more active than anothers. I know 25 it's WAAAY much less than 1600, but still I try to do things the right way. The number should not be an excuse. Whenever I catch someone who doesn't do things the right way (and NOT my right way, but the one suggested by RFCs), I first point them in the right direction, then offer advice to them, and last (but not least) refer the complains from my (or their) users to them. Oh, and by the way, my name is Luis.
Peace, Luis -- ------------------------------------------------- GNU-GPL: "May The Source Be With You... Linux Registered User #448382. When I grow up, I wanna be like Theo... -------------------------------------------------
