nanog mailing list archives

Re: Uptick in spam


From: Ian Smith <ian.w.smith () gmail com>
Date: Tue, 27 Oct 2015 10:18:11 -0400

I'm not making any argument about the relation of SPF compliance to message
quality or spam/ham ratio.  You are no doubt correct that at this point in
the game SPF doesn't matter with respect to message quality in a larger
context, because these days messages that are not SPF compliant will simply
never arrive, and therefore aren't sent.

I'm saying that SPF helps prevent envelope header forgery, which is what it
was designed to do.  The fact that NANOG isn't checking SPF (and it isn't,
I tested) was exploited and resulted in a lot of spam to the list.  This
wasn't caught by receiving servers (like Gmail's, for example) because they
checked mail.nanog.org against the nanog.org SPF record, which checked out.

You can argue that envelope header forgery is irrelevant, and that corner
cases don't matter.  But I think this latest incident provides a good
counterexample that it does matter.  And it's easy to fix, so why not fix
it?

-Ian
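
The two SPF checks the message describes, as an added example that is not part of the original post: a minimal evaluator (ip4/ip6/all mechanisms only, no DNS lookups) applied to one forged post at the list server's hop and again at the downstream receiver's hop. The domains, addresses, SPF records and function names are constructed for illustration and are not NANOG's.

```python
import ipaddress

# Constructed SPF records (hypothetical domains, documentation address ranges).
SPF_RECORDS = {
    "member.example": "v=spf1 ip4:192.0.2.0/24 -all",   # forged subscriber's domain
    "list.example": "v=spf1 ip4:198.51.100.25 -all",    # the mailing list's domain
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate the ip4/ip6/all mechanisms of the MAIL FROM domain's record."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        # Mechanisms that need DNS (a, mx, include, ...) are skipped here.
    return "neutral"


def trace_forged_post(list_checks_spf):
    """Follow one forged post across both SMTP hops; return per-hop results."""
    spammer_ip, list_ip = "203.0.113.66", "198.51.100.25"   # constructed
    # Hop 1: sender -> list server, envelope sender forged as a subscriber.
    hop1 = check_spf(spammer_ip, "alice@member.example")
    if list_checks_spf and hop1 == "fail":
        return {"hop1": hop1, "hop2": None, "delivered": False}
    # Hop 2: list server -> subscriber's provider, envelope sender is the list's.
    hop2 = check_spf(list_ip, "list-bounces@list.example")
    return {"hop1": hop1, "hop2": hop2, "delivered": hop2 == "pass"}


if __name__ == "__main__":
    print("list skips SPF: ", trace_forged_post(list_checks_spf=False))
    print("list checks SPF:", trace_forged_post(list_checks_spf=True))
```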

