OT: SPF comments requested

Mark Nienberg mark at TIPPINGMAR.COM
Sat Dec 25 01:15:23 GMT 2004 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Mark Nienberg wrote:

> Steve Campbell wrote:
>
>> I'm not sure if the SPF thing is something all of us should be
>> dealing with
>> _now_, but if we all should be updating our DNS records, I'd like to
>> hear
>> about some ideas from the list. I have gleaned as much as I can
>> absorb from
>> all of the different sites required to explore implementing SPF, and I'm
>> still not sure how to use it other than setting up my DNS so others
>> can use
>> it.
>>
>> As I understand this, I have many options on how to use it for our
>> protection. Much like RBLs, I can set this up in Sendmail, or use the
>> SPF
>> functions of SA, and probably a few more. And the same reasons for
>> deciding
>> this are basicly the same as for using RBLs.
>>
>>
> OK. I'm opinionated.
>
> Roughly in order or importance:
>
> 1. Publish an SPF record for your domain.  This will allow me to reject
> mail from spammers claiming to be you.
> 2. Upgrade to the latest MailScanner.  It has a bugfix related to SPF
> checks.

Whoops, that isn't quite right.  The SPF bugfix is in the latest beta
version, not yet in the stable version.  Sorry.

> 3. Watch your logs, etc. to see if you are receiving legitimate mail
> from your regular correspondents with SPF_FAIL.  If so, contact the
> admins of those domains so they can correct their problems.
> 4.  Once you have some confidence in it, increase the score of SPF_FAIL
> in SpamAssassin.  In my experience, it is ridiculously low by default,
> and I see a much higher correlation between SPF_FAIL and spam than the
> SA developers see in their test spam corpus.  I also expect it to
> continue rising as more admins deploy it and correct their errors.
> 5. Eventually, maybe move to a system of rejecting mail at the MTA level.

Mark Nienberg

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list