Postfix.org SPF

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
25 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Postfix.org SPF

JunkYardMail1
How about publishing an SPF record for postfix.org.
 
This would work well:
"v=spf1 mx include:cloud9.net ~all"
 
 
Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

Jeroen Geilman
On 07/03/2010 08:45 PM, [hidden email] wrote:
How about publishing an SPF record for postfix.org.
 
This would work well:
"v=spf1 mx include:cloud9.net ~all"
 
 
Um.. and then what ?

Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

Sahil Tandon-3
In reply to this post by JunkYardMail1
On Sat, 2010-07-03 at 11:45:39 -0700, [hidden email] wrote:

> How about publishing an SPF record for postfix.org.

Why?

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

JunkYardMail1
In reply to this post by Jeroen Geilman
 
Those who wish to make use of it can do so.
 
 
Sent: Saturday, July 03, 2010 11:46 AM
Subject: Re: Postfix.org SPF

On 07/03/2010 08:45 PM, [hidden email] wrote:
How about publishing an SPF record for postfix.org.
 
This would work well:
"v=spf1 mx include:cloud9.net ~all"
 
 
Um.. and then what ?

Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

JunkYardMail1
In reply to this post by Sahil Tandon-3
Some do not accept email from domains whose owner does not publish the
servers they authorize to transfer mail for their domain.

--------------------------------------------------
From: "Sahil Tandon" <[hidden email]>
Sent: Saturday, July 03, 2010 11:53 AM
To: <[hidden email]>
Subject: Re: Postfix.org SPF

> On Sat, 2010-07-03 at 11:45:39 -0700, [hidden email] wrote:
>
>> How about publishing an SPF record for postfix.org.
>
> Why?
>
> --
> Sahil Tandon <[hidden email]>

Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

mouss-4
[hidden email] a écrit :
> Some do not accept email from domains whose owner does not publish the
> servers they authorize to transfer mail for their domain.
>

Then it's their problem. Please don't revive the old spf thread. spf has
fans and opponents.

$ host -t txt yahoo.com
yahoo.com has no TXT record
$ host -t txt mail.com
mail.com has no TXT record
$ host -t txt outblaze.com
outblaze.com has no TXT record
...
(same with "spf" instead of "txt").


> --------------------------------------------------
> From: "Sahil Tandon" <[hidden email]>
> Sent: Saturday, July 03, 2010 11:53 AM
> To: <[hidden email]>
> Subject: Re: Postfix.org SPF
>
>> On Sat, 2010-07-03 at 11:45:39 -0700, [hidden email] wrote:
>>
>>> How about publishing an SPF record for postfix.org.
>>
>> Why?
>>
>> --
>> Sahil Tandon <[hidden email]>
>

Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

Matt Hayes
In reply to this post by JunkYardMail1
On 07/04/2010 10:20 PM, [hidden email] wrote:

> Some do not accept email from domains whose owner does not publish the
> servers they authorize to transfer mail for their domain.
>
> --------------------------------------------------
> From: "Sahil Tandon" <[hidden email]>
> Sent: Saturday, July 03, 2010 11:53 AM
> To: <[hidden email]>
> Subject: Re: Postfix.org SPF
>
>> On Sat, 2010-07-03 at 11:45:39 -0700, [hidden email] wrote:
>>
>>> How about publishing an SPF record for postfix.org.
>>
>> Why?
>>
>> --
>> Sahil Tandon <[hidden email]>
>


Rejecting email souly on the fact that a domain doesn't publish an SPF
is stupid.

-Matt
Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

JunkYardMail1
In reply to this post by mouss-4
Yahoo has ulterior motives?  They wish to push their domain keys.

Others probably likewise have ulterior motives.

Do you also oppose SPF, and if so what is your motives?


--------------------------------------------------
From: "mouss" <[hidden email]>
Sent: Sunday, July 04, 2010 7:29 PM
To: <[hidden email]>
Subject: Re: Postfix.org SPF

> [hidden email] a écrit :
>> Some do not accept email from domains whose owner does not publish the
>> servers they authorize to transfer mail for their domain.
>>
>
> Then it's their problem. Please don't revive the old spf thread. spf has
> fans and opponents.
>
> $ host -t txt yahoo.com
> yahoo.com has no TXT record
> $ host -t txt mail.com
> mail.com has no TXT record
> $ host -t txt outblaze.com
> outblaze.com has no TXT record
> ...
> (same with "spf" instead of "txt").
>
>
>> --------------------------------------------------
>> From: "Sahil Tandon" <[hidden email]>
>> Sent: Saturday, July 03, 2010 11:53 AM
>> To: <[hidden email]>
>> Subject: Re: Postfix.org SPF
>>
>>> On Sat, 2010-07-03 at 11:45:39 -0700, [hidden email] wrote:
>>>
>>>> How about publishing an SPF record for postfix.org.
>>>
>>> Why?
>>>
>>> --
>>> Sahil Tandon <[hidden email]>
>>
>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

JunkYardMail1
In reply to this post by Matt Hayes
What is stupid is to be so opposed to anti spam tools that have no
significant downside.
Makes one wonder about true motives.

--------------------------------------------------
From: "Matt Hayes" <[hidden email]>
Sent: Sunday, July 04, 2010 7:29 PM
To: <[hidden email]>
Subject: Re: Postfix.org SPF

> On 07/04/2010 10:20 PM, [hidden email] wrote:
>> Some do not accept email from domains whose owner does not publish the
>> servers they authorize to transfer mail for their domain.
>>
>> --------------------------------------------------
>> From: "Sahil Tandon" <[hidden email]>
>> Sent: Saturday, July 03, 2010 11:53 AM
>> To: <[hidden email]>
>> Subject: Re: Postfix.org SPF
>>
>>> On Sat, 2010-07-03 at 11:45:39 -0700, [hidden email] wrote:
>>>
>>>> How about publishing an SPF record for postfix.org.
>>>
>>> Why?
>>>
>>> --
>>> Sahil Tandon <[hidden email]>
>>
>
>
> Rejecting email souly on the fact that a domain doesn't publish an SPF is
> stupid.
>
> -Matt

Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

Matt Hayes
n 07/04/2010 10:53 PM, [hidden email] wrote:

> What is stupid is to be so opposed to anti spam tools that have no
> significant downside.
> Makes one wonder about true motives.
>
> --------------------------------------------------
> From: "Matt Hayes" <[hidden email]>
> Sent: Sunday, July 04, 2010 7:29 PM
> To: <[hidden email]>
> Subject: Re: Postfix.org SPF
>
>> On 07/04/2010 10:20 PM, [hidden email] wrote:
>>> Some do not accept email from domains whose owner does not publish the
>>> servers they authorize to transfer mail for their domain.
>>>
>>> --------------------------------------------------
>>> From: "Sahil Tandon" <[hidden email]>
>>> Sent: Saturday, July 03, 2010 11:53 AM
>>> To: <[hidden email]>
>>> Subject: Re: Postfix.org SPF
>>>
>>>> On Sat, 2010-07-03 at 11:45:39 -0700, [hidden email] wrote:
>>>>
>>>>> How about publishing an SPF record for postfix.org.
>>>>
>>>> Why?
>>>>
>>>> --
>>>> Sahil Tandon <[hidden email]>
>>>
>>
>>
>> Rejecting email souly on the fact that a domain doesn't publish an SPF
>> is stupid.
>>
>> -Matt
>


I'm not opposed to it and please stop TOP posting.

-Matt
Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

Scott Kitterman-4
In reply to this post by JunkYardMail1
On Sunday, July 04, 2010 10:51:32 pm [hidden email] wrote:
> Yahoo has ulterior motives?  They wish to push their domain keys.
>
> Others probably likewise have ulterior motives.
>
> Do you also oppose SPF, and if so what is your motives?
>
Please stop.  This is offtopic for this list and not helpful in any case.  Some
people like and use SPF and some people don't.  Rejecting or discarding mail
due simply to a lack of and SPF record is idiotic and domain owners are
completely free to publish a record or not.

Consult Google if you want to know my views on SPF (they aren't hard to find).  
If you want to discuss SPF, there is an spf-discuss mailing list where such
discussions are on topic (see http://www.openspf.org/Forums for details).

Scott K
Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

JunkYardMail1
In reply to this post by JunkYardMail1
US financial services industry group endorses SPF, so most banks, credit
unions, brokerages, etc. publish an SPF record.

MAAWG: "At the very least, senders should incorporate SPF records for their
mailing domains".

Austrailan DoD Recommends SPF

Google.com, GoogleMail.com, Gmail.com,
Comcast.net,
Verizon.net,
Frontier.net,
Charter.com,
Microsoft.com, Hotmail.com, Live.com,
AOL.com

All publish  SPF records as well.

It is simply becoming unnecessary to accept email from domains which do not
publish an SPF record to let receiving domains know the systems that are
authorized to transfer email for them.
And doing so cuts into spam significantly.


--------------------------------------------------
From: <[hidden email]>
Sent: Sunday, July 04, 2010 7:51 PM
To: <[hidden email]>
Subject: Re: Postfix.org SPF

> Yahoo has ulterior motives?  They wish to push their domain keys.
>
> Others probably likewise have ulterior motives.
>
> Do you also oppose SPF, and if so what is your motives?
>
>
> --------------------------------------------------
> From: "mouss" <[hidden email]>
> Sent: Sunday, July 04, 2010 7:29 PM
> To: <[hidden email]>
> Subject: Re: Postfix.org SPF
>
>> [hidden email] a écrit :
>>> Some do not accept email from domains whose owner does not publish the
>>> servers they authorize to transfer mail for their domain.
>>>
>>
>> Then it's their problem. Please don't revive the old spf thread. spf has
>> fans and opponents.
>>
>> $ host -t txt yahoo.com
>> yahoo.com has no TXT record
>> $ host -t txt mail.com
>> mail.com has no TXT record
>> $ host -t txt outblaze.com
>> outblaze.com has no TXT record
>> ...
>> (same with "spf" instead of "txt").
>>
>>
>>> --------------------------------------------------
>>> From: "Sahil Tandon" <[hidden email]>
>>> Sent: Saturday, July 03, 2010 11:53 AM
>>> To: <[hidden email]>
>>> Subject: Re: Postfix.org SPF
>>>
>>>> On Sat, 2010-07-03 at 11:45:39 -0700, [hidden email] wrote:
>>>>
>>>>> How about publishing an SPF record for postfix.org.
>>>>
>>>> Why?
>>>>
>>>> --
>>>> Sahil Tandon <[hidden email]>
>>>
>>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

Sahil Tandon-3
On Sun, 2010-07-04 at 21:08:58 -0700, [hidden email] wrote:

[blah blah blah]

> It is simply becoming unnecessary to accept email from domains which
> do not publish an SPF record to let receiving domains know the systems
> that are authorized to transfer email for them.  And doing so cuts
> into spam significantly.

Please stop.  This is not the appropriate forum for SPF evangelism.  Do
you have a Postfix question?  If not, please DO NOT reply to this email
or continue this thread.  This is a technical mailing list ABOUT
POSTFIX. Thank you.

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

JunkYardMail1
My original post was regarding postfix.  But you and others who seemed more
interested in taking it off topic to squelch the request for postfix.org to
publish an SPF record.

I oblige the challenge and then you all start complain about thread being
off topic.  Well it wouldn't be off topic if you all wouldn't have taken it
off topic.

So now, how about it.  How about an SPF record for the postfix.org domain,
from which posting to this mail list come.

Anyone opposed to the postfix.org domain publishing an SPF record?

--------------------------------------------------
From: "Sahil Tandon" <[hidden email]>
Sent: Sunday, July 04, 2010 9:12 PM
To: <[hidden email]>
Subject: Re: Postfix.org SPF

> On Sun, 2010-07-04 at 21:08:58 -0700, [hidden email] wrote:
>
> [blah blah blah]
>
>> It is simply becoming unnecessary to accept email from domains which
>> do not publish an SPF record to let receiving domains know the systems
>> that are authorized to transfer email for them.  And doing so cuts
>> into spam significantly.
>
> Please stop.  This is not the appropriate forum for SPF evangelism.  Do
> you have a Postfix question?  If not, please DO NOT reply to this email
> or continue this thread.  This is a technical mailing list ABOUT
> POSTFIX. Thank you.
>
> --
> Sahil Tandon <[hidden email]>

Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

John Levine
>Anyone opposed to the postfix.org domain publishing an SPF record?

Yes.  Now, can you go away, please?

R's,
John, MAAWG senior technical advisor, among other things

Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

Stan Hoeppner
In reply to this post by JunkYardMail1
[hidden email] put forth on 7/4/2010 9:53 PM:
> What is stupid is to be so opposed to anti spam tools that have no
> significant downside.

The problem is it has no significant upside either, which is why most sites
don't use it as an anti spam measure.  Since spammers can simply create an SPF
record for their domains such this

"v=spf1 +all"

a simple "does it have an SPF record" check does nothing to stop the spam,
since the above SPF string says every internet address is allowed to send mail
on behalf of the domain.  So you then must implement some script or code to
actually parse the SPF record in an effort to figure out if it's a spammer
domain or not.  So you parse out "+all" and reject mail from domains having
that string.  Then the botnet spammers do something sinisterly creative like this

"v=spf1 ip4:1.0.0.0/8 ip4:2.0.0.0/8 ip4:223.0.0.0/8 [...] -all"

which again allows every IP address to send on behalf of the spammer domain
but makes it pretty much impossible to parse and apply rules that firmly
identify it as a spammer domain.  Spammers may use something similar but with
more clever CIDR notation that doesn't break SPF record length rules, etc.
I'm not a spammer and have never crafted such a string, but it is possible,
and some do it.

Now you are absolutely screwed, unless you want to waste the thousands of man
hours required to write code to parse these types of records and make an
_accurate_ "spammer domain" determination based on these complex SPF records.

You are obviously a newbie when it comes to SPF as a spam fighting tool, or
spam fighting in general, or you'd have already known these things.  There are
far more effective anti-spam tools available that are much less error prone,
and require far less custom coding to make them work effectively.  I've been
heavily involved in spam fighting for a few years now, and I've yet to hear of
an effective SPF based spam fighting tool.  No seasoned SAs I've run into are
evangelizing SPF, but the opposite.

If you'd like to further your spam fighting eduction, I direct you to Google,
NANAE, and spam-l.  For every one newbie proponent of SPF as an A/S tool,
you'll find 999 seasoned SAs who don't and won't use it as an A/S tool.
Amongst seasoned SAs you will find some that use the existence of an SPF
record for _scoring only_ in SpamAssassin, but that's about the extent of its
use as an A/S tool.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

JunkYardMail1
In reply to this post by John Levine
What is your objection?

--------------------------------------------------
From: "John Levine" <[hidden email]>
Sent: Sunday, July 04, 2010 9:48 PM
To: <[hidden email]>
Cc: <[hidden email]>
Subject: Re: Postfix.org SPF

>>Anyone opposed to the postfix.org domain publishing an SPF record?
>
> Yes.  Now, can you go away, please?
>
> R's,
> John, MAAWG senior technical advisor, among other things
>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix.org SPF

JunkYardMail1
In reply to this post by Stan Hoeppner
Very aware spammers can create their own domains and and SPF records.  They
can do essentially the same thing with any anti spam measures.  And I have
see a number of them do just that, an SPF record of entire IPv4 address
space (0.0.0.0/0).  But guess what, everyone of them has been in an RHSBL.
The fact it prevents them from using just any ol domain instead of their own
makes it extermely quick and easy for them to get detected and added into
the RHSBL's.

Requiring an SPF record to publish a domains authorized MTA's is very
effective.

--------------------------------------------------
From: "Stan Hoeppner" <[hidden email]>
Sent: Sunday, July 04, 2010 10:58 PM
To: <[hidden email]>
Subject: Re: Postfix.org SPF

> [hidden email] put forth on 7/4/2010 9:53 PM:
>> What is stupid is to be so opposed to anti spam tools that have no
>> significant downside.
>
> The problem is it has no significant upside either, which is why most
> sites
> don't use it as an anti spam measure.  Since spammers can simply create an
> SPF
> record for their domains such this
>
> "v=spf1 +all"
>
> a simple "does it have an SPF record" check does nothing to stop the spam,
> since the above SPF string says every internet address is allowed to send
> mail
> on behalf of the domain.  So you then must implement some script or code
> to
> actually parse the SPF record in an effort to figure out if it's a spammer
> domain or not.  So you parse out "+all" and reject mail from domains
> having
> that string.  Then the botnet spammers do something sinisterly creative
> like this
>
> "v=spf1 ip4:1.0.0.0/8 ip4:2.0.0.0/8 ip4:223.0.0.0/8 [...] -all"
>
> which again allows every IP address to send on behalf of the spammer
> domain
> but makes it pretty much impossible to parse and apply rules that firmly
> identify it as a spammer domain.  Spammers may use something similar but
> with
> more clever CIDR notation that doesn't break SPF record length rules, etc.
> I'm not a spammer and have never crafted such a string, but it is
> possible,
> and some do it.
>
> Now you are absolutely screwed, unless you want to waste the thousands of
> man
> hours required to write code to parse these types of records and make an
> _accurate_ "spammer domain" determination based on these complex SPF
> records.
>
> You are obviously a newbie when it comes to SPF as a spam fighting tool,
> or
> spam fighting in general, or you'd have already known these things.  There
> are
> far more effective anti-spam tools available that are much less error
> prone,
> and require far less custom coding to make them work effectively.  I've
> been
> heavily involved in spam fighting for a few years now, and I've yet to
> hear of
> an effective SPF based spam fighting tool.  No seasoned SAs I've run into
> are
> evangelizing SPF, but the opposite.
>
> If you'd like to further your spam fighting eduction, I direct you to
> Google,
> NANAE, and spam-l.  For every one newbie proponent of SPF as an A/S tool,
> you'll find 999 seasoned SAs who don't and won't use it as an A/S tool.
> Amongst seasoned SAs you will find some that use the existence of an SPF
> record for _scoring only_ in SpamAssassin, but that's about the extent of
> its
> use as an A/S tool.
>
> --
> Stan

Reply | Threaded
Open this post in threaded view
|

Re: [Postfix-Users] Re: Postfix.org SPF

John R. Dennison
In reply to this post by JunkYardMail1
On Sun, Jul 04, 2010 at 11:31:03PM -0700, [hidden email] wrote:
> What is your objection?

        For the love of $deity *STOP* top-posting.  Thank you.

        You wanted an objection?  There it is.




                                                        John


--
"Thinking implies disagreement; and disagreement implies non-comformity; and
non-comformity implies heresy; and heresy implies disloyality -- so obviously
thinking must be stopped"
[Call to Greatness, 1954] -- Adlai Stephenson

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Postfix-Users] Re: Postfix.org SPF

JunkYardMail1
That is what I thought.  You really don't have an objection or case to back
it up so reveal your true nature by attacking  with personal criticism
rather than sticking to the subject matter and making your case.

--------------------------------------------------
From: "John R. Dennison" <[hidden email]>
Sent: Sunday, July 04, 2010 11:43 PM
To: <[hidden email]>
Cc: <[hidden email]>
Subject: Re: [Postfix-Users] Re: Postfix.org SPF

 

12