Mailing List Archive

On Thursday 13 September 2007 09:48, Jeremy Jackson wrote:
> Since implementing milter-greylist here a few weeks ago, the few spams
> that have reached my Inbox here have been from domains (presumably owned
> by or targeted by spammers) with SPF records ending in "+all"
>
> I see there is some ability to add local policy, but it seems like it
> would need to be extended to be a general purpose filter that could be
> used to remove the "+all" when being used by milter-greylist for
> auto-whitelisting, for example.

A better approach, I think, would be to keep a list of domains that get SPF
Pass that spam you and just reject mail from those domains. As we've
discussed previously, it's trivial to have a record equiavlent to +all that
doesn't look like it.

Rather than special case +all, I think you'd get more mileage out of a more
general solution.

Scott k

-------------------------------------------
-----------------------------------------------------------------------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311533&id_secret=41491812-46c4e3
Powered by Listbox: http://www.listbox.com

Jeremy Jackson wrote:
> Since implementing milter-greylist here a few weeks ago, the few spams
> that have reached my Inbox here have been from domains (presumably owned
> by or targeted by spammers) with SPF records ending in "+all"
>
> I see there is some ability to add local policy, but it seems like it
> would need to be extended to be a general purpose filter that could be
> used to remove the "+all" when being used by milter-greylist for
> auto-whitelisting, for example.

There is a common misunderstanding that SPF "pass" somehow adds
confidence to the received message. It does not. It only asserts that
the message indeed originated from the domain it says. The "right" way
to combine greylisting with SPF would be:

- check SPF
- if SPF status is "pass", apply greylisting on the basis of the source
domain.
- if it is anything else, apply greylisting the way you did before (on
the basis of the IP or network address).

Eugene

-------------------------------------------
-----------------------------------------------------------------------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311533&id_secret=41492119-8248d3
Powered by Listbox: http://www.listbox.com

On Thu, 2007-09-13 at 09:58 -0400, Scott Kitterman wrote:
> On Thursday 13 September 2007 09:48, Jeremy Jackson wrote:
> > Since implementing milter-greylist here a few weeks ago, the few spams
> > that have reached my Inbox here have been from domains (presumably owned
> > by or targeted by spammers) with SPF records ending in "+all"
> >
> > I see there is some ability to add local policy, but it seems like it
> > would need to be extended to be a general purpose filter that could be
> > used to remove the "+all" when being used by milter-greylist for
> > auto-whitelisting, for example.
>
> A better approach, I think, would be to keep a list of domains that get SPF
> Pass that spam you and just reject mail from those domains. As we've

Well this is becoming a job like writing virus definitions... never
finished. It smells like a bad design if that's the case.

> discussed previously, it's trivial to have a record equiavlent to +all that
> doesn't look like it.

I'll check the list archives, but if this is true, it seems like
spammers will defeat it easily, once it becomes popular enough to matter
to them.

> Rather than special case +all, I think you'd get more mileage out of a more
> general solution.

Adding domains manually to a blacklist sounds like special case to me, I
was hoping SPF would be a general solution...

--
Jeremy Jackson
Coplanar Networks
(519)489-4903

-------------------------------------------
-----------------------------------------------------------------------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311533&id_secret=41509634-89cea9
Powered by Listbox: http://www.listbox.com

Scott Kitterman wrote:
> A better approach, I think, would be to keep a list of domains that get SPF
> Pass that spam you and just reject mail from those domains. As we've
> discussed previously, it's trivial to have a record equiavlent to +all that
> doesn't look like it.
>

In a sense this is that same approach that the RBL's are using to block
spam. You going to spend you life playing catch up with all the throw
away domains that the spammers use.

I personally think that whitelisting of 'well behaved', SPF protected
domains is a much more scalable and useful solution. A whitelist is much
more static than a blacklist and as a result much easier to maintain.

--
Graham Beneke
Apolix Internet Services
E-Mail/MSN/Jabber: graham@apolix.co.za Skype: grbeneke
VoIP: 087-750-5696 Cell: 082-432-1873
http://www.apolix.co.za/

-------------------------------------------
-----------------------------------------------------------------------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311533&id_secret=41511606-bfbb3b
Powered by Listbox: http://www.listbox.com

On 13/09/2007, Jeremy Jackson <jerj@coplanar.net> wrote:

> Adding domains manually to a blacklist sounds like special case to me, I
> was hoping SPF would be a general solution...

It is. But it's a solution to a different problem to the one you're
trying to use it for.

--
Peter Bowyer
Email: peter@bowyer.org

-------------------------------------------
-----------------------------------------------------------------------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311533&id_secret=41512640-b49166
Powered by Listbox: http://www.listbox.com

On Thursday 13 September 2007 10:15, Jeremy Jackson wrote:
> On Thu, 2007-09-13 at 09:58 -0400, Scott Kitterman wrote:
> > On Thursday 13 September 2007 09:48, Jeremy Jackson wrote:
> > > Since implementing milter-greylist here a few weeks ago, the few spams
> > > that have reached my Inbox here have been from domains (presumably
> > > owned by or targeted by spammers) with SPF records ending in "+all"
> > >
> > > I see there is some ability to add local policy, but it seems like it
> > > would need to be extended to be a general purpose filter that could be
> > > used to remove the "+all" when being used by milter-greylist for
> > > auto-whitelisting, for example.
> >
> > A better approach, I think, would be to keep a list of domains that get
> > SPF Pass that spam you and just reject mail from those domains. As we've
>
> Well this is becoming a job like writing virus definitions... never
> finished. It smells like a bad design if that's the case.
>
> > discussed previously, it's trivial to have a record equiavlent to +all
> > that doesn't look like it.
>
> I'll check the list archives, but if this is true, it seems like
> spammers will defeat it easily, once it becomes popular enough to matter
> to them.
>
> > Rather than special case +all, I think you'd get more mileage out of a
> > more general solution.
>
> Adding domains manually to a blacklist sounds like special case to me, I
> was hoping SPF would be a general solution...

If you are doing it manually, sure.

This can be automated quite easily. If you look at the pymilter project on
Sourceforge with pygossip all the bits are there.

I agree that manual lists aren't scalable.

Meng Wong (the Father of SPF - not the inventor as he built a lot on previous
work) once said that SPF is to anti-spam as flour is to food.

I would say that SPF is one component of a general solution.

Scott K

-------------------------------------------
-----------------------------------------------------------------------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311533&id_secret=41520115-0e6c6e
Powered by Listbox: http://www.listbox.com

Jeremy Jackson ha scritto:
> On Thu, 2007-09-13 at 09:58 -0400, Scott Kitterman wrote:
>> A better approach, I think, would be to keep a list of domains that get SPF
>> Pass that spam you and just reject mail from those domains. As we've
>
> Well this is becoming a job like writing virus definitions... never
> finished. It smells like a bad design if that's the case.

Are you saying that you have a better design for anti-virus software? I
bet you can make a lot of money from this!

;-)

Stefano

-------------------------------------------
-----------------------------------------------------------------------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=1311533&id_secret=41526934-3bb92d
Powered by Listbox: http://www.listbox.com