[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] SPF, was where the message

To: "'Anti-Spam Research Group - IRTF'" <asrg at irtf.org>
Subject: Re: [Asrg] SPF, was where the message
From: "John Glube" <john.glube at trusted-email-sender.com>
Date: Wed, 21 Jan 2009 22:39:30 -0500
Delivered-to: ietfarch-asrg-archive at core3.amsl.com
Delivered-to: asrg at core3.amsl.com
In-reply-to: <20090122020229.45279.qmail at simone.iecc.com>
List-archive: <http://www.irtf.org/pipermail/asrg>
List-help: <mailto:asrg-request@irtf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-post: <mailto:asrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
Organization: Glube's - Business Services
References: <98A1ECB08BB15EE100D00EAA at lewes.staff.uscs.susx.ac.uk> <20090122020229.45279.qmail at simone.iecc.com>
Reply-to: john.glube at trusted-email-sender.com, Anti-Spam Research Group - IRTF <asrg at irtf.org>
Sender: asrg-bounces at irtf.org
Thread-index: Acl8NYmThSn2xEKrR6WeGnfZP5M83gACkEEg

Up until the Spring of 2008, AOL was using SPF to
check what AOL called the "SPF_helo" and the
"SPF_822_from." 

We know this because the following headers were
observed in FBL data:

X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_helo: n

X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_822_from : n

("n" indicated the test failed. "y" indicated the
test passed.)

My understanding is that the "SPF_helo" check was
based on the perceived value of CSV and that the
"SPF_822 from" was part of the overall effort in
deciding whether to incorporate SID checks. It
was presumed that the data was also used as part
of the reputation analysis that AOL was running
on incoming mail.

I do not know whether AOL is still running these
checks. Investigation shows that AOL dropped the
X-AOL-Scoll-Authentication header sometime in the
summer of 2008.

My recollection from discussions with a former
AOL postmaster shortly after the collapse of
MARID is that AOL felt running an SPF_helo and
SPF_822_from check would be useful information as
part of the overall process of detecting and
blocking the "low hanging" spam.

John Glube


_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg

References:
- Re: [Asrg] SPF, was where the message
  - From: Ian Eiloart
- Re: [Asrg] SPF, was where the message
  - From: John Levine

Prev by Date: Re: [Asrg] SPF, was where the message
Next by Date: [Asrg] About that e-postage draft [POSTAGE]
Previous by thread: Re: [Asrg] SPF, was where the message
Next by thread: Re: [Asrg] SPF, was where the message
Index(es):
- Date
- Thread