gmane.mail.spam.spf.discuss

Re: [SPFMILTER] libspf2?

Scott Kitterman — 2008-11-11T19:58:21

... I caught shevek on IRC and asked about the best way to reach him with bugs. He suggested libspf2< at >rt.anarres.org. He said, "I tend to respond in a schedule of a few days. if it's urgent, I assume someone will poke me." Scott K

Re: Patch

Scott Kitterman — 2008-11-10T17:44:25

There's a 1.2.9 release on libspf2.org. Does it suffer from the same problem? Scott K

Patch

G.W. Haywood — 2008-11-10T16:51:48

Hi there, I noticed that spf_example.c can cause libspf2-1.2.8 to segfault, so I inserted the following line: SPF_ASSERT_NOTNULL(rcpt_to); at line 348 of spf_request.c to check for a null pointer. -- 73, Ged.

SPF Mail Summary Report

2008-11-09T06:00:02

iMail News Gateway Server v3.1 (c) Copyright 1996-2005 Santronics Software, Inc. Mail Forum Statistics Date Range : 09 Nov 2008 - 09 Nov 2008 Report Date: 09 Nov 2008 ---------------------------------------------------------------------- Total Summary: ---------------------------------------------------------------------- Total Forums : 2 Total Messages : 0 Total Participants : 0 Total Vendor Postings : 0 Total Mail/No Replies : 0 (0%) 6+ Days Old : 0 4+ Days Old: 0 2+ Days Old : 0 1 Day Old : 0 ---------------------------------------------------------------------- Forum Summary: spf-discuss ---------------------------------------------------------------------- No Messages Posted ---------------------------------------------------------------------- Forum Summary: spf-help --------------------------------------------

SPF Mail Summary Report

2008-10-26T05:00:01

iMail News Gateway Server v3.1 (c) Copyright 1996-2005 Santronics Software, Inc. Mail Forum Statistics Date Range : 19 Oct 2008 - 22 Oct 2008 Report Date: 26 Oct 2008 ---------------------------------------------------------------------- Total Summary: ---------------------------------------------------------------------- Total Forums : 2 Total Messages : 14 Total Participants : 7 Total Vendor Postings : 0 Total Mail/No Replies : 4 (28%) 6+ Days Old : 1 4+ Days Old: 3 2+ Days Old : 0 1 Day Old : 0 Busiest Posting Hour : 7pm (3 msgs) Busiest Posting Day : Monday (8 msgs) +-[ Hourly Posting Pattern ]----------------------+ | * | | * | | * | |

Please add ENMA and libsidf to "Implementations" page

SUZUKI Takahiko — 2008-10-22T00:54:31

Hi, In August, We IIJ have released ENMA - SPF, Sender ID milter - as an open source product. The following website is the press release: http://www.iij.ad.jp/en/news/pressrelease/2008/0828.html and the project page at sourceforge: http://sourceforge.net/projects/enma/ ENMA runs as a milter and provides SPF and Sender ID authentication using libsidf - the library which provides SPF and Sender ID authentication, we developed. Libsidf is included in ENMA package. We uses libsidf inside our services and are sure of stability, performance and compliance to the specifications. However, we still have some tasks about ENMA and libsidf: - no websites for now, sourceforge project page only - little document, README and Installation guides included in ENMA package only - comments in source codes are mostly written in Japanese, now under translating into English "ENMA" named after the ruler of Buddhism: http://en.wikipedia.org/wiki/Enma I'd like you to add ENMA and libsidf to the "Implementat

Re: throwaway domains and whois

2008-10-21T04:47:00

please stop sending these emails to my address ____________________________________________________________ Click here to find the perfect picture with our powerful photo search features. http://thirdpartyoffers.juno.com/TGL2131/fc/Ioyw6iiedACFaDn4KZl3P4PjNHu3myK75CFqLzOQZOY2t0BFFJDzsC/ ------------------------------------------- Sender Policy Framework: http://www.openspf.org Modify Your Subscription: http://www.listbox.com/member/ Archives: https://www.listbox.com/member/archive/735/=now RSS Feed: https://www.listbox.com/member/archive/rss/735/ Powered by Listbox: http://www.listbox.com

Re: throwaway domains and whois

2008-10-21T04:44:55

please stop sending these emails to my address ____________________________________________________________ Love Graphic Design? Find a school near you. Click Now. http://thirdpartyoffers.juno.com/TGL2131/fc/Ioyw6iigksgqSewUBgWTQAE8zoH870ZnXTho7RPXICNNpJFXOVP7gK/ ------------------------------------------- Sender Policy Framework: http://www.openspf.org Modify Your Subscription: http://www.listbox.com/member/ Archives: https://www.listbox.com/member/archive/735/=now RSS Feed: https://www.listbox.com/member/archive/rss/735/ Powered by Listbox: http://www.listbox.com

Motivating Senders

David MacQuigg — 2008-10-21T02:23:53

That should work if they see it often enough. The only improvement I can think of is have the URL go directly to a page with explicit instructions on fixing the problem, rather than the SPF homepage. I'm trying to imagine the message author reading this, wondering what is HELO SPF, and hearing from his admin some lame excuse that the problem is elsewhere. The instructions need to be clear enough that the author will demand a better explanation from his admin. How about something like this: ''' You have been referred to this page because one of our Border Patrol mail receivers rejected a request from your transmitter at %(IP)s to send mail under a name %(DN)s that does not authorize sending mail from this address. The Border Patrol MTA will not accept mail from unauthorized transmitters. Please fix your DNS records. Your mail server must pass at least one of our "3-strikes" tests: a) PTR check. The IP address of the transmitter must have a PTR record, AND the name from that record should have an

Re: throwaway domains and whois

Stuart D. Gathman — 2008-10-20T23:58:47

I do. Here is my current message for anonymous senders. Yours sounds better. 550-5.7.1 You must have a valid HELO or publish SPF: http://www.openspf.org 550-5.7.1 Contact your mail administrator IMMEDIATELY! Your mail server is 550-5.7.1 severely misconfigured. It has no PTR record (dynamic PTR records 550-5.7.1 that contain your IP don't count), an invalid or dynamic HELO, 550 5.7.1 and no SPF record. Some senders only see the first line. I'm want to put an URL in the first line with a web page to explain the problem fully.

Re: throwaway domains and whois

David MacQuigg — 2008-10-20T23:38:26

Use an SMTP reject, not a DSN.

Re: throwaway domains and whois

Stuart D. Gathman — 2008-10-20T23:03:30

Actually, I think you'll find yourself on one of those blacklists. Since most people never read their DSNs, they are considered spam - even when complaining about real RFC violations. Damn the RFCs and full speed ahead.

Motivating Senders

David MacQuigg — 2008-10-20T20:38:07

So do we have enough "clout" to get Yahoo's attention? My mailflow is way too small, but I'll bet if everyone on this list who manages a mailserver, starts sending reject messages like the above, we'll get some action, or at least a response.

Re: throwaway domains and whois

David MacQuigg — 2008-10-20T18:37:16

This is basically the same strategy I am following - best guess blocks around known good addresses, and quarantine for the rest. This strategy does not "positively identify" a sender, however. Recently, I saw a bunch of messages from yahoo.com going to quarantine. A little research showed that they had started using transmitters from akamai.com, so I added all of Akamai's blocks, and now things are back to "normal" with Yahoo, at least until they add some more blocks somewhere else. This is too much labor, and too unreliable for a long-term solution that might include thousands, or even millions of domains. Long-term, we need a way to motivate senders like Yahoo to publish their authorized IP addresses. We cannot reject their messages, but we can send an SMTP reject with a message like: "Sorry! We cannot guarantee delivery of this message. yahoo.com does not offer sufficient authentication to prevent forgery. We will run it through our spam filter, and keep it in our quarantine, but the recipient ma

Re: throwaway domains and whois

Stuart D. Gathman — 2008-10-20T15:54:03

Currently 90. Very little time. Most senders are handled by the default best guess - "v=spf1 a/24 mx/24 ptr". The local records are treated as alternate "best guess" policies. For example: $ORIGIN _spf.bmsi.com. fedoraproject.org IN TXT "v=spf1 ptr:redhat.com ?all"

Re: throwaway domains and whois

Stuart D. Gathman — 2008-10-20T20:11:06

Actually, yahoo *does* provide DKIM authentication. The problem is that DKIM requires receiving the entire message first. We want them to provide SPF in *addition* to DKIM. Exactly. DKIM handles 2822 header fields. SPF handles 2821 envelope. The protocols are complementary, not competing. SPF is super cheap.

SPF Mail Summary Report

2008-10-19T05:00:01

iMail News Gateway Server v3.1 (c) Copyright 1996-2005 Santronics Software, Inc. Mail Forum Statistics Date Range : 12 Oct 2008 - 18 Oct 2008 Report Date: 19 Oct 2008 ---------------------------------------------------------------------- Total Summary: ---------------------------------------------------------------------- Total Forums : 2 Total Messages : 72 Total Participants : 23 Total Vendor Postings : 0 Total Mail/No Replies : 8 (11%) 6+ Days Old : 5 4+ Days Old: 3 2+ Days Old : 0 1 Day Old : 0 Busiest Posting Hour : 7pm (9 msgs) Busiest Posting Day : Tuesday (31 msgs) +-[ Hourly Posting Pattern ]----------------------+ | * | | * | | * | |

Re: throwaway domains and whois

David MacQuigg — 2008-10-18T23:45:52

How many of these records do you maintain? How much time does it take? I do this only for the largest senders, like yahoo.com. It's a tough choice - manual labor to keep up with the sender's changes, or risk losing their messages in the spam filter. What is the problem with these senders? What will it take to motivate them?

Re: throwaway domains and whois

Stuart D. Gathman — 2008-10-17T16:46:02

I use GOSSiP for domain reputation, where the confidence in a reputation decays with time. Blocking doesn't begin until confidence reaches a threshold. IPs are on a 7 day rotation. So a given spammer IP gets to attempt to send 1 spam per week. The IPs are blocked at a low level, before getting to my filter (although the filter decides when to blacklist them). That's short enough to allow an IP sold to a legit party to get back in service.

Re: throwaway domains and whois

Stuart D. Gathman — 2008-10-17T16:50:04

Senders change their IPs. If they have an SPF record, this is transparent. For important senders with no SPF record, I can create a local one manually to positively identify them.

Re: late comment on spammer DNSes and garbage registrars

Alessandro Vesely — 2008-10-17T10:01:37

Chinese police is not famous for their softness, and they do seek and prosecute spammers. However, there are very many people experiencing rapid changes, so we cannot expect a smooth linear behavior. I'm not sure why you say so. A few days ago Scott mentioned that spammers use new domains because they can get a 4 days free usage of each new name. A cut possibly costs more than regular renewals. Spammers {also/only} take advantage of the foolishness of registrars, ISPs, and users. Diagnosing correctly may help countering the problem.