[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] What are the IPs that sends mail for a domain?

To: asrg at irtf.org
Subject: Re: [Asrg] What are the IPs that sends mail for a domain?
From: Ian Eiloart <iane at sussex.ac.uk>
Date: Tue, 30 Jun 2009 10:55:04 +0100
Delivered-to: asrg at core3.amsl.com
In-reply-to: <4A48FB80.10709 at billmail.scconsult.com>
List-archive: <http://www.irtf.org/mail-archive/web/asrg>
List-help: <mailto:asrg-request@irtf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-post: <mailto:asrg@irtf.org>
List-subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
References: <mailman.5.1245610801.29559.asrg at irtf.org> <4A3F76B8.2030409 at terabites.com> <BBBA1F6A3752AE7B96888ECB at lewes.staff.uscs.susx.ac.uk> <4A48FB80.10709 at billmail.scconsult.com>
Reply-to: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Sender: iane at sussex.ac.uk

--On 29 June 2009 13:36:00 -0400 Bill Cole <asrg3 at billmail.scconsult.com>wrote:

There is, actually. If you publish SPF records with a strong -all, then
recipients can easily decide to reject (not bounce) messages. Add DKIM
signatures, and they'll be able to tell when someone has forwarded your
legitimate email.


Do you have any evidence that this actually works to any detectable
degree?

I have solid proof that it is far from perfect, but I only have a handful
of addresses that ever had significant bogus bounce flow in the one
domain I could safely use in a SPF '-all' effectiveness test. The first 5
years of that test have shown a slow drop in the rate of bad bounces in
general offered to that domain, but it isn't much more proportionally
than the drop from a dribble to a trickle that I've seen for a domain
with no SPF record. The noise in my minuscule and weakly controlled data
makes it quantitatively worthless, but on a qualitative basis it makes
clear that strong SPF records are not yet a strong universal tool for
preventing blowback bounces.

If you are aware of SPF being any more useful than prayer at controlling
blowback, please share it.

Well, my claim is a theoretical one, and perhaps a hope for the future. Itprobably isn't yet effective. I do believe that it will be one day.

However, I do believe that people should take SPF records into account whendeciding whether to generate bounce messages. It should not be a problem ifthere's a positive SPF or DKIM match. You shouldn't do it if there's an SPFfail. It's harder to decide what to do in the absence of SPF, or a neutralor softfail result.

I'd suggest that to drive up adoption of SPF, don't bounce for a neutral orsoftfail result (instead give a 5xx error), but (this will becontroversial) feel free to bounce into domains that aren't trying to help- ie domains that don't publish SPF records at all. (ducks).



--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

Follow-Ups:
- Re: [Asrg] What are the IPs that sends mail for a domain?
  - From: Rich Kulawiec

References:
- Re: [Asrg] What are the IPs that sends mail for a domain?
  - From: Gordon Peterson
- Re: [Asrg] What are the IPs that sends mail for a domain?
  - From: Ian Eiloart
- Re: [Asrg] What are the IPs that sends mail for a domain?
  - From: Bill Cole

Prev by Date: Re: [Asrg] VPNs
Next by Date: Re: [Asrg] VPNs vs consent
Previous by thread: Re: [Asrg] What are the IPs that sends mail for a domain?
Next by thread: Re: [Asrg] What are the IPs that sends mail for a domain?
Index(es):
- Date
- Thread