SPF

Jan-Peter Koopmann Jan-Peter.Koopmann at SECEIDOS.DE
Wed Aug 11 08:26:39 IST 2004


On Wednesday, August 11, 2004 4:12 AM MailScanner mailing list wrote:

>> Sendmail doesn't just drop the conection, it returns an explanantion
>> to the sender, similar to the way it returns a "user unknown" or
>> other error message. 
>> 
>> 
>> 
> It depends... Actually, if the from address does not match
> the SPF record, it is best to not send out a notice and to
> just drop the connection. Otherwise, you are just spamming


What gives you the idea that sendmail (or other MTAs) send out a notice
if SPF fails? If you configure your MTA correctly and SPF fails you
simple reply with a 

550 SPF check failed or whatever

within the SMTP protocol. This way the sending MTA can send an error
message to the sender. You are not sending a mail and since you are not,
this kind of check with this kind of response will NEVER spam the net. 

> In the beginning phases, it would be best to send these
> returns so people can complain to their service providers.

Again: You should _NEVER_ send a NDR if SPF fails. Simply do not accept
the mail at MTA level if you choose to enforce SPF.

> But that will likely be over with by about the first of the
> year (Hopefully!!!).

No. You will leave this turned on forever. You should always give nice
and explanatory SMTP error messages if you refuse to accept a mail. You
should however nearly never send out NDRs yourself in response to
possible SPAM or viruses, I agree.

Regards,
  JP

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list