spf

Discussion re sg development. You don't have to be a developer.

spf

Postby josh » Fri May 13, 2005 11:20 pm

There was recently a rash of virus emails that went out claiming to be from mail system administrators -- we got our share. I was thinking that maybe an spf record would help. I used the "wizard" at pobox to come up with

Code: Select all
spamgourmet.com. IN TXT "v=spf1 mx ptr a:spruce.he.net a:flurry.he.net ~all"
gourmet.spamgourmet.com. IN TXT "v=spf1 a -all"


does anyone know about this stuff? I haven't changed anything, of course -- I'm just thinking about it. I think it would jive with reply address masking, but would, by virtue of that, discredit those users who change the from address in their MUAs
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby maratheamit » Thu May 19, 2005 1:14 pm

I agree: If we decide to publish a SPF record, it would create problems for users who change the from address directly in their MUA. Not sure how many people do that.

On the other side, we can instruct our MTA to start checking SPF without publishing a record ourselves. Of course, that will break senders who directly mangle the from header. The compromise here could be to set a X-header to the status of the SPF check and let the MUA do the filtering.
maratheamit
 
Posts: 82
Joined: Fri Aug 29, 2003 2:35 pm

Postby josh » Mon Nov 28, 2005 12:27 am

some asshat is sending out huge amounts of virus-payload bearing messages that are forged to be from info or admin at sg. I'm getting hundreds of bouncebacks from the bad addresses in the victim list, and some complaints. This is nothing new, but it hasn't happened for awhile. I just made a quick change to prevent such messages from going to spamgourmet addresses (so I think, anyway), but most of the lists being used this time are just regular addresses. I noticed on some of the yahoo bouncebacks that yahoo was checking spf, and got a "neutral" response because we don't publish records.

SPF sounds attractive just to try and help prevent this kind of crap -- that's really what it's best at, I suppose.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm


Return to Developers

Who is online

Users browsing this forum: No registered users and 13 guests

cron