SPF
Jan-Peter Koopmann
Jan-Peter.Koopmann at SECEIDOS.DE
Wed Aug 11 08:26:39 IST 2004
On Wednesday, August 11, 2004 4:12 AM MailScanner mailing list wrote:
>> Sendmail doesn't just drop the conection, it returns an explanantion
>> to the sender, similar to the way it returns a "user unknown" or
>> other error message.
>>
>>
>>
> It depends... Actually, if the from address does not match
> the SPF record, it is best to not send out a notice and to
> just drop the connection. Otherwise, you are just spamming
What gives you the idea that sendmail (or other MTAs) send out a notice
if SPF fails? If you configure your MTA correctly and SPF fails you
simple reply with a
550 SPF check failed or whatever
within the SMTP protocol. This way the sending MTA can send an error
message to the sender. You are not sending a mail and since you are not,
this kind of check with this kind of response will NEVER spam the net.
> In the beginning phases, it would be best to send these
> returns so people can complain to their service providers.
Again: You should _NEVER_ send a NDR if SPF fails. Simply do not accept
the mail at MTA level if you choose to enforce SPF.
> But that will likely be over with by about the first of the
> year (Hopefully!!!).
No. You will leave this turned on forever. You should always give nice
and explanatory SMTP error messages if you refuse to accept a mail. You
should however nearly never send out NDRs yourself in response to
possible SPAM or viruses, I agree.
Regards,
JP
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list