[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Re: SPF abused by spammers

To: <asrg at ietf.org>
Subject: Re: [Asrg] Re: SPF abused by spammers
From: Mark <admin at asarian-host.net>
Date: Wed, 22 Sep 2004 01:25:35 GMT
Cc: Markus Stumpf <maex-lists-spam-ietf-asrg at Space.Net>
Comments: To protect the identity of the sender, certain header fields are either not shown, or masked. Anonymous email accounts can be requested by filling in the appropriate form at: https://asarian-host.net/cgi-bin/signup.cgi
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
Organization: Asarian-host
References: <9GxWd3BJcDD@gmane.3247.org> <20040917145236.GA37562@asarian-host.net> <20040921234556.GN37562@Space.Net>
Sender: asrg-bounces at ietf.org

Markus Stumpf wrote:

On Fri, Sep 17, 2004 at 03:11:18PM +0000, Mark wrote:

Hello? Ever heard of HELO? :) Sending with en empty envelope-from,
to try and circumvent SPF, is pointless: checks are done against
HELO, in that case (as if tested against, say, postmaster at HELO).
Consequently, since there is nothing to prevent, there is nothing to
send "non empty" either (where empty was the case).


That was the reference I didn't find.

Which leads to the problem with

  HELO [10.0.0.1]
or
  HELO i222-150-67-241.s04.a013.ap.plala.or.jp

which would require all ISPs to add SPF records to all entities and
raises again the problems Barry Shein has addressed.

Well, only if that ISP allows people to send mail from their home IP addresses. Otherwise, the ISP just has to create SPF records for its own outgoing mail servers.

If people on a home network get their own $9 bucks domain name, they could (and probably should) set their HELO string to their domain name, if they are also sending from their home IP address(es). Then they can, themselves, publish, or have published, SPF records for that domain. Setting HELO to their PTR (if unchangeable, and provided by the ISP, and in the above format you described), would not make much sense, in that case.

And: if I am a customer of some.isp and my current revDNS entry for
the IP I am using is

   1.0.0.10.rev.dsl.some.isp

should I be allowed to send a bounce on behalf of that address, i.e.
use the name or IP in the HELO string?

I doubt you'll get far with a 10.0.0.1 address. :) But, assuming a public address, why should you not be allowed to send a bounce from that address? SPF "classic" does not check against your PTR; so, if you have proper SPF records for your domain/HELO, why not? If your HELO is set to your own domain name, and an A record lookup of the HELO matches your IP address, you're in the clear.

- Mark


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- [Asrg] Re: SPF abused by spammers
  - From: Claus Färber
- Re: [Asrg] Re: SPF abused by spammers
  - From: Markus Stumpf

Prev by Date: Re: [Asrg] Filtering spam by detecting 'anti-Bayesian' elements?
Next by Date: [Asrg] Re: ASRG Wiki
Previous by thread: Re: [Asrg] Re: SPF abused by spammers
Next by thread: Re: [Asrg] Re: SPF abused by spammers
Index(es):
- Date
- Thread