![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Time to check the rate limits on your mail servers
From: Douglas Otis <dotis () mail-abuse org>
Date: Fri, 04 Feb 2005 14:10:52 -0800
On Fri, 2005-02-04 at 09:53 -0500, Todd Vierling wrote:
On Thu, 3 Feb 2005, Edward B. Dreger wrote:JJ> auth is sufficient to make email traceable to your own customers. End users also would appreciate the ability to _know_ a message is not forged.The only way to be sure is via cryptographic signature. Barring that level of immediate traceability, SPF provides a very useful data point to that end (as its *only* purpose is curbing forgery).
Attempting to detect spam trickled through thousands of compromised systems sent through the ISP's mail servers, SPF does nothing, and could actually damage the reputation of those domains that authorize the provider for their mailbox domain using SPF. These records can be read by the spammers and then exploited. Repairing this reputation could be next to impossible. With respect to forgery, authorization is not authentication. There is no consensus which mailbox-domain is checked, SPF (MAILFROM or HELO), Classic (MAILFROM or Other and HELO), or Sender-ID (PRA), so it is uncertain which mailbox-domain may have been checked for authorization, if any. False assurances could be worse than no assurances. White-listing for forwarded accounts or mailing lists to allow an SPF rule-set bypass means there is no certainty a check was ever made. -Doug
Current thread:
- Re: Time to check the rate limits on your mail servers, (continued)
- Re: Time to check the rate limits on your mail servers Adi Linden (Feb 03)
- Re: Time to check the rate limits on your mail servers J.D. Falk (Feb 03)
- Re: Time to check the rate limits on your mail servers John Underhill (Feb 03)
- RE: Time to check the rate limits on your mail servers Hannigan, Martin (Feb 03)
- Re: Time to check the rate limits on your mail servers J.D. Falk (Feb 03)
- Re: Time to check the rate limits on your mail servers Adi Linden (Feb 03)
- Re: Time to check the rate limits on your mail servers Joel Jaeggli (Feb 03)
- Re: Time to check the rate limits on your mail servers Guðbjörn S. Hreinsson (Feb 03)
- Re: Time to check the rate limits on your mail servers Edward B. Dreger (Feb 03)
- Re: Time to check the rate limits on your mail servers Todd Vierling (Feb 04)
- Re: Time to check the rate limits on your mail servers Douglas Otis (Feb 04)
- Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers) J.D. Falk (Feb 05)
- Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers) Douglas Otis (Feb 05)
- Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers) J.D. Falk (Feb 05)
- Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers) Sean Donelan (Feb 05)
- Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers) Douglas Otis (Feb 05)
- Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers) J.D. Falk (Feb 06)
- Re: Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers) Douglas Otis (Feb 06)
- Re: Time to check the rate limits on your mail servers J.D. Falk (Feb 03)
- Re: Time to check the rate limits on your mail servers Edward B. Dreger (Feb 05)
- Re: Time to check the rate limits on your mail servers Adi Linden (Feb 05)
- Re: Time to check the rate limits on your mail servers Edward B. Dreger (Feb 05)