OT: Question

Scott Silva ssilva at sgvwater.com
Fri Apr 3 23:14:14 IST 2009


on 4-3-2009 7:13 AM Ken A spake the following:
> Rick Cooper wrote:
>>  
>>
>>> -----Original Message-----
>>> From: mailscanner-bounces at lists.mailscanner.info
>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
>>> Scott Silva
>>> Sent: Thursday, April 02, 2009 7:33 PM
>>> To: mailscanner at lists.mailscanner.info
>>> Subject: Re: OT: Question
>>>
>>> on 4-2-2009 3:37 PM Rick Cooper spake the following:
>>>>  
>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Ken A
>>>>> Sent: Thursday, April 02, 2009 4:42 PM
>>>>> To: MailScanner discussion
>>>>> Subject: Re: OT: Question
>>>>>
>>>>> Rick Cooper wrote:
>>>>>> Just a query regarding bounces: How many of you actually bounce mail
>>>>>> anymore? I ask this question because I noted a huge number of rejects on one
>>>>>> of my servers that appear to be valid bounce attempts to an address of
>>>>>> info at mydomain.com for the last week or so. I have an ACL that looks at the
>>>>>> local part of recipients and if that local part is being used it denies the
>>>>>> message (even null sender) with a message stating there is no such user and
>>>>>> it's an address currently being joe-jobbed. I see the same IPs repeatedly
>>>>>> attempting a bounce for days.
>>>>> I've got one: eqnjahdhx at domain.tld. We host the domain, but of course
>>>>> they don't send the spam. They aren't even aware of it. We are the
>>>>> joe-jobbed victim. We don't accept the bounces, but they are
>>>>> annoying, and it's been going on for well over a year. I tightened up
>>>>> the SPF record, but I don't think that helped much. People who
>>>>> accept, then bounce mail will eventually learn, or be buried, I
>>>>> think. The 550 error on this one now says "Please dont bounce
>>>>> forged spam". That hasn't helped either. It just takes time.
>>>>>
>>>>> Ken
>>>> [...]
>>>>
>>>> That is the frustration that I feel. Pick a list having something to do with
>>>> mail, SA, Exim, pretty much any and you will hear people stating what a
>>>> waste of time SPF is but when it comes to something like this I would much
>>>> prefer a DNS txt check over repeatedly trying to send a bounce. And they
>>>> would be miles ahead because they would have never wasted time taking the
>>>> mail.
>>>> I guess nothing works if you don't use it.
>>>>
>>> SPF is only a poor anti-spam tool. As a tool to control bounces, it
>>> seems to be much better. Another problem with it is many of the server records
>>> are set to softfail (~), pass (+), or neutral (?), instead of fail (-). Even
>>> the SPF wizard that many people used seems to either set softfail or neutral,
>>> and unless you dig in the docs, you wouldn't know any better.
>>>
>>
>>
>> I agree, especially since many spammers are publishing SPF records now. But
>> if one just checks and denies outright a hard fail that could help quite a
>> bit. Sites that help you build your records should absolutely make it clear
>> once your setup is tested it should go to -fail. I score ~fail quite high
>> because that is basically a lazy admin. "We are stating the preceding hosts
>> are our only authorized MTAs, but go ahead and accept from everyone else too
>> just in case we haven't done our job". SPF won't stop spam for sure, but if
>> everyone used proper records with a hard fail it could go a long way in
>> eliminating joe-jobs, and forgeries, so why not use it? Same with domain
>> keys, not *the* answer but certainly *A* tool
> 
> Why not use it? It's usable only if you understand it, and it can be
> 'inconvenient' for customers to have to send through a defined list of
> outgoing servers.
> 
> ISPs, web hosts, a large number of mail server admins (myself included),
> cannot set hard fail for most small business domains. Customers expect
> email to _work_, and they send from a number of locations using a number
> of systems (work, home, library, college, etc). Setting hard fail will
> only generate calls to your support desk unless customers understand the
> implications.
> 
> Wouldn't it be great if customers read about SPF on the support section
> of your web site, and were thrilled about it? Reality check... Most
> customers do not care about SPF, and have no interest in learning about
> it unless it can benefit them in some immediate way - if their domain is
> being actively spoofed, for example. In practice, this rarely happens.
> 
Some of my users roam also. But their systems send company mail through
company servers. If they have troubles, they VPN into the company network to
use the e-mail. Or they use the webmail if they are not on a company PC.
Personal mail? Use Yahoo or Gmail or whatever... They don't pay me to get your
video joke out to your relatives.

So if someone sends a company e-mail with our domain on it, I want it to
either go through our servers or fail. There is no grey area here. If it has
our domain, but didn't go through our servers, off to the bit bucket to be
recycled into useful info. And I have old school executives that think e-mail
is point to point like a fax.
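
The thread turns on which qualifier a domain publishes on its SPF `all` mechanism (`-`, `~`, `?` or `+`). The following is an added example, not code from any poster in this thread: it classifies the catch-all policy of an SPF TXT record so an admin can audit which hosted domains actually let receivers reject forged mail. The function names and the sample records are constructed for illustration, and the TXT string is assumed to have been fetched already.

```python
# Added example: classify the terminal "all" policy of an SPF TXT record.
# SAMPLE_RECORDS is constructed for illustration, not taken from the thread.

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_all_policy(txt):
    """Return (result, note) for the catch-all policy of one SPF record."""
    terms = txt.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", "not an SPF record")
    redirect = None
    for term in terms[1:]:
        low = term.lower()
        if low.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        # A mechanism with no qualifier character defaults to "+" (pass).
        qualifier, mech = (low[0], low[1:]) if low[0] in QUALIFIERS else ("+", low)
        if mech == "all":
            # The first "all" ends evaluation; later terms are never reached.
            return (QUALIFIERS[qualifier], "all qualifier " + qualifier)
    if redirect:
        return ("redirect", "policy delegated to " + redirect)
    # RFC 7208: nothing matched and no redirect gives a neutral result.
    return ("neutral", "no all mechanism; default is neutral")

def rejectable_forgery(txt):
    """True only when receivers may reject unlisted senders outright."""
    return spf_all_policy(txt)[0] == "fail"

SAMPLE_RECORDS = {
    "strict.example": "v=spf1 mx ip4:192.0.2.0/24 -all",
    "wizard.example": "v=spf1 a mx ~all",
    "open.example": "v=spf1 mx all",
    "hosted.example": "v=spf1 redirect=_spf.provider.example",
}

if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        result, note = spf_all_policy(record)
        print("%-16s %-9s %s" % (domain, result, note))
```

A `redirect` result means the effective qualifier lives in the target domain's record, which has to be fetched and classified in turn.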
