Killing spam - SPF

Marcus Brubaker marcus.brubaker-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Wed Apr 21 02:29:29 UTC 2004 

On Tue, 2004-04-20 at 21:57, Colin McGregor wrote:
> "Lance F. Squire" <lance-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org> on Tuesday, April 20, 2004 10:09 AM
> wrote:
> 
> > What's the best/easy spam filter out there right now.
> >
> > I've heard of Spam Assassin. Is that the one to go with?
> 
> While not strictly speaking a spam killing tool I am in the process of
> setting up SPF for the domains and mail server I administer. What SPF does
> is it asks the question "Is the machine that is attempting to sending me
> e-mail authorised by the domain holder to send e-mail for the domain they
> claim to be sending from?". In other words if you get an e-mail that is
> coming from a Roger's IP number but has an AOL from address SPF will assume
> it to be bad news and discard it. Or if an e-mail comes from a AOL IP
> number, but does not come from a mail server that AOL has authorised to send
> e-mail SPF can again assume the e-mail to be bad news and drop it.
> 
> SPF is far from perfect as a spam solution in that it only attempts to
> verify that a particular e-mail came from a site the domain owner authorises
> it to come from (i.e. anyone wanting to run their own mail server from home
> had likely best set-up their own domain...). For the foreseeable future a
> significant number of sites will not have the authorised mail server list in
> their DNS entries to support SPF. Also, some spammers I am sure will have
> their own little ISPs with SPF entries so spam will appear legit enough to
> pass. Still SPF is useful as it does raise the bar for spammers, making it
> much harder to hide where they are actually coming from, and making other
> anti-spam tools like blacklisting based on domain name more effective... It
> also raises the bar for virus writers who if they want their creations to
> spread among Windows boxes will again have to be more open about where the
> virus is coming from (making correction and cure easier...). Lastly it also
> reduces the value of open relays as a run of the mill mis-configured
> Linux/*BSD/virus infected Windows box in a domain that has implemented SPF
> con not send much without being noticed...
> 

That being said it also makes it difficult to send email from mutliple
accounts.  For instance, I have an email account with the CS department
at U of T.  It is accessible via imap/pop3 remotely but they don't
provide an externally available SMTP server so email that I send from
that account (when not on campus) goes through my ISPs SMTP relay.  The
same kind of problem pops up when you run your own SMTP relay in order
to avoid relying on external servers.

Regards,
-- 
Marcus Brubaker <marcus.brubaker-H217xnMUJC0sA/PxXw9srA at public.gmane.org>

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list