ASSP ?

Help improve Exetel's services (a Suggestion Box is also available in your member facilities)
SysAdmin

Post by SysAdmin » Tue Sep 04, 2007 4:22 pm

Spanner_Man wrote:
SysAdmin wrote:SPF is not an anti-spam measure; it just happens to look like one on TV.
Perhaps some light reading for you Andrew ... http://www.openspf.org/Introduction
Protection of a users email address can help stop alot of email that isn't warranted, it may not be classed as spam but has the same taste as spam (both the electronic kind and the compressed meat type).
SPF is an anti-forgery measure. This happens to have a side-effect that, at the moment, can be used to help reduce spam.

Andrew

Spanner_Man

Post by Spanner_Man » Tue Sep 04, 2007 4:35 pm

SysAdmin wrote:SPF is an anti-forgery measure. This happens to have a side-effect that, at the moment, can be used to help reduce spam.

Andrew
Thus the more difficult it is to send email thats forged to look like a legimate email (which is one of the many different ways that spam is sent) the better for everyone involved, including users that have their email addressed forged on spam messages that are sent to millions of email address's every day.

Hence my statement about domains needing to have in place an SPF record, which is also part of RFC 4406

SysAdmin

Post by SysAdmin » Tue Sep 04, 2007 4:38 pm

Spanner_Man wrote:
SysAdmin wrote:SPF is an anti-forgery measure. This happens to have a side-effect that, at the moment, can be used to help reduce spam.

Andrew
Thus the more difficult it is to send email thats forged to look like a legimate email (which is one of the many different ways that spam is sent) the better for everyone involved, including users that have their email addressed forged on spam messages that are sent to millions of email address's every day.
What you are referring to there is preventing forgeries, which, as a side-effect, helps prevent some spam. Spamming using SPF laden domains is quite possible and fairly easy (though, obviously, not as easy as not having to bother with it at all).

Andrew

thomashouseman
Posts: 750
Joined: Thu Mar 18, 2004 12:06 pm
Location: Toongabbie
Contact:

Post by thomashouseman » Tue Sep 04, 2007 6:04 pm

Here's some more info on SPF and Domainkeys:

http://netwinsite.com/spf.htm
What about 'DomainKeys' ?

DomainKeys is a cryptographic solution which is similar to SPF, in general, SPF does everything that domainkeys does, but without the extra load and complexity of cryptography. We recommend you also use domainkeys tests (available in the latest versions of surgemail) for incoming email to cope with the two large providers who refuse to define SPF records (apparently for political reasons).
SPF (Sender Permitted From) is a new machanism which allows you to define what ip addresses are permitted to send mail 'from' your domain, this will stop spammers from pretending to send message from your domain.
Why/How will SPF stop spam?

There are two types of spam, legitimate businesses sending email from real domains to people who haven't asked for it, this type of spam is annoying, but trivial to filter with simple rules and RBL databases. And most businesses are learning not to do this as they rapidly find themselves cut off from the customers they do want to talk to. This type of spam will continue but at a relatively lower level, it isn't really a problem.

The second type of spam is the problem, it's sent by people who use fake 'from' addresses and domains, via multiple ip addresses and virus mail slaves, meaning each email comes from a new ip address, each email is written specifically to evade the filters, and new variants are written each day. These mails are more or less impossible to filter. However, this second set is trivial to block with SPF!!!

Spanner_Man

Post by Spanner_Man » Tue Sep 04, 2007 6:30 pm

thomashouseman wrote:Here's some more info on SPF and Domainkeys:

http://netwinsite.com/spf.htm
Thank you, you understand the point i am trying to get across. It seems that Andrew has this beleif (from what i can assume from the type and context of his posts) that an SPF record isn't as good at stopping spam as what RBL databases only permit as legitimate email. Only using one or the other isn't as effective as using both, as well as grey listing. The majority of major ISP's use only a small number of IP address or a single IP address as their mail server for their clients, hence why greylisting is, in my opnion is alot "easier" for the end user, its all done automatically and without user intervention needing to submit possible spam emails that failed detection with services that use algothrims on message bodys to detect if its spam or not.

petemoss
Posts: 192
Joined: Sat Sep 30, 2006 3:22 pm

Post by petemoss » Mon Dec 10, 2007 11:02 pm

Any changes in this issue ? That is, do Exetel have any plans to implement ASSP .

Something I'm noticing in the logs for ASSP (for the email server I use for most emails), is that Exetel is not following RFC "standards" like other email servers.

Most are resending (after the soft failure - 451) just after the embargo period, which is usually set at 5 minutes. However, Exetel do not resend for many hours, in fact often, just before the 24 hour maximum period.

Can Exetel please change the email server config, so that it will reattempt deliver in between 5 minutes and (say) 30 minutes please ?

SysAdmin

Post by SysAdmin » Tue Dec 11, 2007 8:40 am

Can Exetel please change the email server config, so that it will reattempt deliver in between 5 minutes and (say) 30 minutes please ?
It does. Can you PM me with the relevant details (email and ip addresses
involved, etc) and I'll take a look into it.

Andrew

Anthony Michaud
Posts: 128
Joined: Tue Jun 06, 2006 11:59 am
Location: Victoria
Contact:

Post by Anthony Michaud » Tue Dec 11, 2007 3:01 pm

SPF isn't a silver bullet for spam.

Spanner_Man

Post by Spanner_Man » Tue Dec 11, 2007 3:03 pm

Anthony Michaud wrote:SPF isn't a silver bullet for spam.
No, but using algrothyms alone isn't a silver bullet either.
So far on one email server with greylisting and SPF lookup has dropped spam received from ~200 a day to ~5 a week.

thomashouseman
Posts: 750
Joined: Thu Mar 18, 2004 12:06 pm
Location: Toongabbie
Contact:

Post by thomashouseman » Tue Dec 11, 2007 3:05 pm

Anthony Michaud wrote:SPF isn't a silver bullet for spam.
No but it certainly helps.

27% blocked.

Past day's spam smite score details:
Uptime : 1 days 03:42:29 Server time: Tue Dec 11 15:07:36 2007

Authent: Lookups 12, cache 972, no such user 6, cache size 6, speed 0.01/s
Smite : 27.3% 56/205

NetworkAdmin
Posts: 559
Joined: Tue Jan 06, 2004 1:19 am
Contact:

Post by NetworkAdmin » Tue Dec 11, 2007 4:02 pm

Doing anything other than have current SPF records for a public email server is a really bad idea. There are just too many non, wrong and broken configured servers, not to mention any hint of domain lameness, which will cause a bounce on otherwise legitimate email.

thomashouseman
Posts: 750
Joined: Thu Mar 18, 2004 12:06 pm
Location: Toongabbie
Contact:

Post by thomashouseman » Tue Dec 11, 2007 4:24 pm

Agreed,

I use if for more of an anti spam scorer...

i.e. apply all spam scores and if SPF validates, apply a negative value score for it to the score... if that makes sense.

petemoss
Posts: 192
Joined: Sat Sep 30, 2006 3:22 pm

Post by petemoss » Tue Dec 11, 2007 4:36 pm

SysAdmin wrote: It does. Can you PM me with the relevant details (email and ip addresses involved, etc) and I'll take a look into it.
I sent a test email this afternoon, and it has already been over 1 hour, and no retry from Exetel as yet.

I looked through the logs, and there was one yesterday from Exetel, and the retry was 16 hours later. :(

Yes, I'll PM the details to you.

SysAdmin

Post by SysAdmin » Tue Dec 11, 2007 5:20 pm

petemoss wrote:
SysAdmin wrote: It does. Can you PM me with the relevant details (email and ip addresses involved, etc) and I'll take a look into it.
I sent a test email this afternoon, and it has already been over 1 hour, and no retry from Exetel as yet.
:/
Yes, I'll PM the details to you.
Please.

Andrew

petemoss
Posts: 192
Joined: Sat Sep 30, 2006 3:22 pm

Post by petemoss » Tue Dec 11, 2007 10:45 pm

The email was finally resent, 6h 16m 53s later. :shock:

Post Reply