Mailing List Archive

Motivating Senders
At 04:11 PM 10/20/2008 -0400, Stuart D. Gathman wrote:

>On Mon, 20 Oct 2008, David MacQuigg wrote:
>
>> Long-term, we need a way to motivate senders like Yahoo to publish their
>> authorized IP addresses. We cannot reject their messages, but we can send an
>> SMTP reject with a message like: "Sorry! We cannot guarantee delivery of
>> this message. yahoo.com does not offer sufficient authentication to prevent
>> forgery. We will run it through our spam filter, and keep it in our
>> quarantine, but the recipient may not read it."
>
>Actually, yahoo *does* provide DKIM authentication. The problem is that
>DKIM requires receiving the entire message first. We want them
>to provide SPF in *addition* to DKIM.
>
>> I think most senders will comply after seeing a large number of these
>> messages. Yahoo may be special, however, since they have a vested interest
>> in a competing protocol. We've got to sell the idea that it's not either-or,
>> but *both* protocols are needed.
>
>Exactly. DKIM handles 2822 header fields. SPF handles 2821 envelope.
>The protocols are complementary, not competing. SPF is super cheap.

So do we have enough "clout" to get Yahoo's attention? My mailflow is way too small, but I'll bet if everyone on this list who manages a mailserver starts sending reject messages like the above, we'll get some action, or at least a response.





-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
Motivating Senders
At 07:58 PM 10/20/2008 -0400, Stuart D. Gathman wrote:

>Here is my current message for anonymous senders. Yours sounds better.
>
>550-5.7.1 You must have a valid HELO or publish SPF: http://www.openspf.org
>550-5.7.1 Contact your mail administrator IMMEDIATELY! Your mail server is
>550-5.7.1 severely misconfigured. It has no PTR record (dynamic PTR records
>550-5.7.1 that contain your IP don't count), an invalid or dynamic HELO,
>550 5.7.1 and no SPF record.
>
>Some senders only see the first line. I want to put a URL
>in the first line with a web page to explain the problem fully.

That should work if they see it often enough. The only improvement I can think of is to have the URL go directly to a page with explicit instructions on fixing the problem, rather than the SPF homepage. I'm trying to imagine the message author reading this, wondering what is HELO SPF, and hearing from his admin some lame excuse that the problem is elsewhere. The instructions need to be clear enough that the author will demand a better explanation from his admin. How about something like this:

'''
You have been referred to this page because one of our Border Patrol™ mail receivers rejected a request from your transmitter at %(IP)s to send mail under a name %(DN)s that does not authorize sending mail from this address.

The Border Patrol MTA will not accept mail from unauthorized transmitters. Please fix your DNS records. Your mail server must pass at least one of our "3-strikes" tests:

a) PTR check. The IP address of the transmitter must have a PTR record, AND the name from that record should have an A record with an address matching the transmitter's IP, AND the name in your HELO command must exactly match the name in the PTR record.
- OR -
b) The name in your HELO command must have an A or an MX record validating the transmitter's IP.
- OR -
c) The name in your HELO command must have an email authentication record authorizing the transmitter's IP. Currently, we look for SPF, SenderID, or CSV records.


Note: These requirements are much less strict than full RFC compliance. See dnsreport.com for a complete test of your DNS standards compliance.

See DNShelp for more information.

See Quick Fix for very brief instructions on setting up your transmitter.
'''
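
The "3-strikes" tests (a), (b) and (c) listed in the message above, sketched as an added example; this is not code from either poster or from any mail filter they run. Assumptions: the ZONE table is constructed sample DNS data using documentation addresses, test (b) is read as "the HELO name's A record, or the A record of one of its MX hosts, equals the transmitter's IP", and test (c) is simplified to `ip4:` mechanisms of an SPF record only (SenderID and CSV are left out).

```python
import ipaddress

# Constructed DNS data (documentation addresses, example domains), keyed by
# (record type, name). A real receiver would query a resolver instead.
ZONE = {
    ("PTR", "192.0.2.10"): ["mail.example.com"],
    ("A", "mail.example.com"): ["192.0.2.10"],
    ("MX", "example.net"): ["mx.example.net"],
    ("A", "mx.example.net"): ["198.51.100.5"],
    ("TXT", "out.example.org"): ["v=spf1 ip4:203.0.113.0/24 -all"],
    ("PTR", "203.0.113.99"): ["203-0-113-99.dyn.example.org"],  # no matching A
}

def lookup(rtype, name, zone=ZONE):
    return zone.get((rtype, name.rstrip(".").lower()), [])

def ptr_check(ip, helo, zone=ZONE):
    """Test (a): PTR exists, its name has an A record equal to ip, HELO equals it."""
    helo = helo.rstrip(".").lower()
    return any(name.lower() == helo and ip in lookup("A", name, zone)
               for name in lookup("PTR", ip, zone))

def helo_a_or_mx_check(ip, helo, zone=ZONE):
    """Test (b), as interpreted here: HELO name's A, or an MX host's A, equals ip."""
    if ip in lookup("A", helo, zone):
        return True
    return any(ip in lookup("A", mx, zone) for mx in lookup("MX", helo, zone))

def helo_spf_check(ip, helo, zone=ZONE):
    """Test (c), simplified: only ip4: mechanisms of an SPF record on the HELO name."""
    addr = ipaddress.ip_address(ip)
    for txt in lookup("TXT", helo, zone):
        terms = txt.split()
        if terms[:1] != ["v=spf1"]:
            continue  # not an SPF record
        for term in terms[1:]:
            if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
                return True
    return False

def three_strikes(ip, helo, zone=ZONE):
    """Return the letter of the first test passed, or None (all three strikes: reject)."""
    tests = (("a", ptr_check), ("b", helo_a_or_mx_check), ("c", helo_spf_check))
    for letter, test in tests:
        if test(ip, helo, zone):
            return letter
    return None
```

A transmitter is rejected only when all three tests fail, which is why a host with a PTR record but no matching A record and no SPF record on its HELO name gets `None` here.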




