Mailing List Archive

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Astromech wrote on srs-discuss:
> In the article posted at http://www.linuxjournal.com/article/7328 Meng
> Wong states:
>
> The people who developed SPF use eBay, too, and they don't want to lose
> e-mail any more than you do. So they came up with a hack. They set up a
> whitelist that identifies all these legitimate forgers;
> pobox.com<http://pobox.com>is on the list, as are
> acm.org <http://acm.org>, eBay and the newspaper Web sites that do
> "e-mail me this article".
>
> So how does a legitimate e-mail forwarding service get on this
> whitelist?

See <http://www.trusted-forwarder.org>.

Be aware however that not all receivers who check SPF actually use that
whitelist. The T-F whitelist is not a part of the SPF specification.

(BTW, I wouldn't call it an "SRS whitelist", because it has nothing to do
with SRS. It _could_ be considered an "SPF whitelist", though.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDg3bBwL7PKlBZWjsRAm+nAJ9rgeFWqpmuBPO0b/Mgeagq+ixFEwCg7wIo
3d0oGuf7fxIbv0onRYu6pws=
=nopg
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

On Tue, 2005-11-22 at 10:37 -0800, Astromech wrote:
> So how does a legitimate e-mail forwarding service get on this
> whitelist?

To be honest, I wouldn't bother. Although many people _publish_ SPF
records, and all the graphs of adoption will show this figure,
relatively few people are actually rejecting mail due to SPF failure.

If any sites _are_ rejecting the mail which you forward, simply advise
them to stop using SPF. Refer them to something like
http://david.woodhou.se/why-not-spf.html or something similar.

I've implemented SRS in my own servers, and I use it for other purposes.
Although I have a blacklist for SPF-afflicted domains, I haven't
actually had much cause to use it. Whenever I've found a site rejecting
the mail which I forward, they've disabled their SPF checking as soon as
I've actually explained how it 'works'.

--
dwmw2


-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

On Wed, 23 Nov 2005, David Woodhouse wrote:

> If any sites _are_ rejecting the mail which you forward, simply advise
> them to stop using SPF. Refer them to something like
> http://david.woodhou.se/why-not-spf.html or something similar.

You would be less of a troll if your article was on "why not SPF
when you, as a receiver, are using forwarders". It should be turned
off only for your non-SRS forwarders. It should not be turned off
in general unless you have no clue who your forwarders are, or are
a big mail provider whose customers have in general forgotten what forwarders
they have set up.

Actually, my software *uses* SPF even for non-SRS forwarders. If
the connect IP matches the forwarder domain SPF record, it bypasses
check SPF on the actual MFROM. That way, I don't have to track
specific IP addresses that the forwarder uses.

--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

On Tue, 2005-11-22 at 19:26 -0500, Stuart D. Gathman wrote:
> You would be less of a troll if your article was on "why not SPF
> when you, as a receiver, are using forwarders". It should be turned
> off only for your non-SRS forwarders.

Judging by the question, 'Astromech' definitely seemed like a non-SRS
forwarder to me, although he/she didn't give many details about the
situation.

The advice I gave is sound -- just don't bother, and if you find that
anybody _is_ using some random snake-oil scheme to reject the genuine
mail you forward, then just educate them not to.

--
dwmw2


-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

>
> > So how does a legitimate e-mail forwarding service get on this
> > whitelist?
>
> See <http://www.trusted-forwarder.org>.
>

Thanks.

Also a tiny bit of background on why I asked. One of our e-mail forwarding
customers is using an ISP that rejects all SPF failed messages. Many months
ago we advised them (with various links to the SPF website and various SPF
articles) to ask their ISP to just flag instead of reject SPF failed
messages. They just came back to us again with the same problem. I'm
hoping their SPF implementation is set to use the whitelist and we can help
them out that way. Unfortunately we don't have the resources to implement
SRS or deal with the legal ramifications at this time.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

In <1132704583.15117.153.camel@baythorne.infradead.org> David Woodhouse <dwmw2@infradead.org> writes:

> To be honest, I wouldn't bother. Although many people _publish_ SPF
> records, and all the graphs of adoption will show this figure,
> relatively few people are actually rejecting mail due to SPF failure.

There *are* people who reject on SPF fails and many more that factor
the failure into their overall anti-spam system and your email is more
likely to be rejected or discarded because of it.


-wayne

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please continue this discussion on spf-discuss. It is off-topic on
srs-discuss.

David Woodhouse wrote:
> The advice I gave is sound -- just don't bother, and if you find that
> anybody _is_ using some random snake-oil scheme to reject the genuine
> mail you forward, then just educate them not to.

Unlike snake-oil, SPF does deliver on its promises. It just doesn't make
the promises _you_ would like to hear.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDhQVswL7PKlBZWjsRAizMAJ9E8ooyfqKBJR+9wla2bOud2fHg9QCgoJxK
XDvpxdbuCFxDgFK7QzzmsVE=
=TcsB
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please continue this discussion on spf-discuss.  It is off-topic on
srs-discuss.

David Woodhouse wrote:
> To be honest, I wouldn't bother. Although many people _publish_ SPF
> records, and all the graphs of adoption will show this figure,
> relatively few people are actually rejecting mail due to SPF failure.

"Relatively few people" -- so exactly how did you figure this out? Any
meaningful statistics?

BTW, there are people who use SPF to ensure that they send bounces only to
SPF-verified (i.e. SPF "Pass") sender addresses.

> If any sites _are_ rejecting the mail which you forward, simply advise
> them to stop using SPF. Refer them to something like
> http://david.woodhou.se/why-not-spf.html or something similar.

You forgot the <plug type="shameless"> tags.

> Whenever I've found a site rejecting the mail which I forward, they've
> disabled their SPF checking as soon as I've actually explained how it
> 'works'.

I don't forward mail without rewriting the sender, ergo I don't have your
problem. Lucky me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDhQcxwL7PKlBZWjsRAl4wAJ9yuu4W0Kos+X1zSvTQUhiD9GmMOQCgkyKP
fLxtokK+IK1/K880FuUT7tg=
=clLX
-----END PGP SIGNATURE-----

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss@v2.listbox.com