OT: Question

Ken A ka at pacific.net
Fri Apr 3 15:13:54 IST 2009


Rick Cooper wrote:
>  
> 
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Scott Silva
>> Sent: Thursday, April 02, 2009 7:33 PM
>> To: mailscanner at lists.mailscanner.info
>> Subject: Re: OT: Question
>>
>> on 4-2-2009 3:37 PM Rick Cooper spake the following:
>>>  
>>>
>>>> -----Original Message-----
>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Ken A
>>>> Sent: Thursday, April 02, 2009 4:42 PM
>>>> To: MailScanner discussion
>>>> Subject: Re: OT: Question
>>>>
>>>> Rick Cooper wrote:
>>>>> Just a query regarding bounces: How many of you actually bounce mail
>>>>> anymore? I ask this question because I noted a huge number of rejects
>>>>> on one of my servers that appear to be valid bounce attempts to an
>>>>> address of info at mydomain.com for the last week or so. I have an ACL
>>>>> that looks at the local part of recipients and if that local part is
>>>>> being used it denies the message (even null sender) with a message
>>>>> stating there is no such user and it's an address currently being
>>>>> joe-jobbed. I see the same IPs repeatedly attempting a bounce for days.
>>>> I've got one: eqnjahdhx at domain.tld. We host the domain, but of course
>>>> they don't send the spam. They aren't even aware of it. We are the
>>>> joe-jobbed victim. We don't accept the bounces, but they are
>>>> annoying, and it's been going on for well over a year. I tightened up
>>>> the SPF record, but I don't think that helped much. People who accept,
>>>> then bounce mail will eventually learn, or be buried, I think. The 550
>>>> error on this one now says "Please dont bounce forged spam". That hasn't
>>>> helped either. It just takes time.
>>>>
>>>> Ken
>>> [...]
>>>
>>> That is the frustration that I feel. Pick a list having something to do
>>> with mail, SA, Exim, pretty much any and you will hear people stating
>>> what a waste of time SPF is but when it comes to something like this I
>>> would much prefer a DNS txt check over repeatedly trying to send a
>>> bounce. And they would be miles ahead because they would have never
>>> wasted time taking the mail.
>>>
>>> I guess nothing works if you don't use it.
>>>
>> SPF is only a poor method of anti-spam tool. As a tool to control
>> bounces, it seems to be much better. Another problem with it is many of
>> the server records are set to softfail (~), pass (+), or neutral (?),
>> instead of fail (-). Even the SPF wizard that many people used seems to
>> either set softfail or neutral, and unless you dig in the docs, you
>> wouldn't know any better.
>>
> 
> 
> I agree, especially since many spammers are publishing SPF records now. But
> if one just checks and denies outright a hard fail that could help quite a
> bit. Sites that help you build your records should absolutely make it clear
> once your setup is tested it should go to -fail. I score ~fail quite high
> because that is basically a lazy admin. "We are stating the preceding hosts
> are our only authorized MTAs, but go ahead and accept from everyone else too
> just in case we haven't done our job". SPF won't stop spam for sure, but if
> everyone used proper records with a hard fail it could go a long way in
> eliminating joe-jobs, and forgeries, so why not use it? Same with domain
> keys, not *the* answer but certainly *A* tool

Why not use it? It's usable only if you understand it, and it can be 
'inconvenient' for customers to have to send through a defined list of 
outgoing servers.

ISPs, web hosts, a large number of mail server admins (myself included), 
cannot set hard fail for most small business domains. Customers expect 
email to _work_, and they send from a number of locations using a number 
of systems (work, home, library, college, etc). Setting hard fail will 
only generate calls to your support desk unless customers understand the 
implications.

Wouldn't it be great if customers read about SPF on the support section 
of your web site, and were thrilled about it? Reality check... Most 
customers do not care about SPF, and have no interest in learning about 
it unless it can benefit them in some immediate way - if their domain is 
being actively spoofed, for example. In practice, this rarely happens.

Ken

> 
> Rick 
> 
> 


-- 
Ken Anderson
Pacific Internet - http://www.pacific.net
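
Added example, not part of the thread or of any poster's message: a small Python audit of the point discussed above, that a receiver can only refuse forged mail outright when the sender's SPF record ends in a hard fail. It reports what each record says about senders it does not list; the records and domain names are constructed placeholders.

```python
import re

# Result each qualifier gives when the "all" mechanism matches (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def all_policy(record):
    """Return the result an SPF record gives to senders it does not list."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    redirect = None
    for term in terms[1:]:
        low = term.lower()
        if low.startswith("redirect="):
            redirect = low.split("=", 1)[1]
            continue
        match = re.fullmatch(r"([+~?-]?)all", low)
        if match:
            # "all" always matches, so terms after it are never evaluated,
            # and a redirect is ignored when "all" is present.
            return QUALIFIERS[match.group(1) or "+"]
    if redirect:
        return "redirect:" + redirect      # policy lives in another record
    return "neutral"                       # nothing matched, no redirect

def audit(records):
    """Split domains into those a receiver can reject on and the rest."""
    enforced, weak = [], {}
    for domain, record in sorted(records.items()):
        result = all_policy(record)
        if result == "fail":
            enforced.append(domain)
        else:
            weak[domain] = result
    return enforced, weak

# Constructed sample records; domains and addresses are placeholders.
SAMPLES = {
    "strict.example": "v=spf1 mx ip4:192.0.2.10 -all",
    "lazy.example": "v=spf1 a mx ~all",
    "wizard.example": "v=spf1 a mx ?all",
    "open.example": "v=spf1 +all",
    "hosted.example": "v=spf1 redirect=_spf.provider.example",
}

if __name__ == "__main__":
    enforced, weak = audit(SAMPLES)
    print("hard fail:", ", ".join(enforced))
    for domain, result in weak.items():
        print(f"{domain}: unlisted senders get '{result}'")
```
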

