nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Uptick in spam

From: Colin Johnston <colinj () gt86car org uk>
Date: Tue, 27 Oct 2015 14:37:03 +0000
hosted gmail did catch some of the spam but not all , into auto junk filter due to some of the weblinks were spammy

Colin


On 27 Oct 2015, at 14:18, Ian Smith <ian.w.smith () gmail com> wrote:

I'm not making any argument about the relation of SPF compliance to message
quality or spam/ham ratio.  You are no doubt correct that at this point in
the game SPF doesn't matter with respect to message quality in a larger
context, because these days messages that are not SPF compliant will simply
never arrive, and therefore aren't sent.

I'm saying that SPF helps prevent envelope header forgery, which is what it
was designed to do.  The fact that NANOG isn't checking SPF (and it isn't,
I tested) was exploited and resulted in a lot of spam to the list.  This
wasn't caught by receiving servers (like Gmail's, for example) because they
checked mail.nanog.org against the nanog.org spf record, which checked out.

You can argue that envelope header forgery is irrelevant, and that corner
cases don't matter.  But I think this latest incident provides a good
counterexample that it does matter.  And it's easy to fix, so why not fix
it?

-Ian
Previous By Date Next
Previous By Thread Next

Current thread: