SPF (Sender Permitted From)

Peter Mann Peter.Mann na tuke.sk
Středa Únor 4 06:52:01 CET 2004 

On Tue, Feb 03, 2004 at 02:48:46PM +0100, Jozef Hitzinger wrote:
> On Tue, 3 Feb 2004, Peter Mann wrote:
> 
> > su uz aj nejake prakticke skusenosti???
> > ja som akurat precital zopar informacii z http://spf.pobox.com/
> 
> Hotmail.com uz opublikoval spf zaznamy, pred tyzdnom ci dvoma to bolo na
> slashdote. Ak si nastavite server aby to kontroloval -> uz ziaden spam ani
> virus so sfalsovanou Return-Path: co konci na hotmail.com .. dobre, nie?
> 
> Obdobne, ak vyexportujete do DNS zaznamy vy, casom az viac serverov to
> bude kontrolovat, nebudu sa tolko sirit maily so sfalsovanym tuke.sk

no, poriadne som to precital a presiel som aj cca 350 mailov velky
thread o SPF v konfere postfix-users ... po prvom "nadseni" som zistil,
ze to nie je az take jednoduche, najma pri forwardovani ... atd.
(ak ma niekto zaujem, mozem mu ten thread poslat ako .mbox.gz)

kazdopadne je asi dobre, ze hotmail alebo aol zverejnili svoje SPF
zaznamy, docasne to trosku znizi spam z tychto domen, pokial si nastavim
SPF filtrovanie, lenze spammeri sa casom presunu na ine domeny

je to naozaj dost velky problem a zavisi to hlavne od toho, aku "policy"
si nastavim ako spravca domeny ... aj preto by som bol rad, keby sme tu
rozprudili diskusiu na tuto temu ;-))

myslim, ze jeden mail to vystihuje presne:

------------

 Subject: Re: SPF is fundamentally broken
 Date: Wed, 14 Jan 2004 17:49:01 -0500 (EST)

 > > SPF is fundamentally and completely broken since it makes critical
 > > assumptions about the SMTP protocol which are absolutely NOT TRUE.
 >
 > If this is the case, then SMTP is fundamentally broken, because the
 > assumptions SPF makes must be true in a world where sender
 > authentication is
 > necessary to prevent spam and ensure the consequences of spamming fall
 > on
 > the right person.

 No, it is the real world which is broken. Which of the three
 is best fixed first? SMTP, SPF, or the real world?

------------

> Problem su ludia co sa pripajaju cez napr. stonline, ale chcu posielat
> mail s adresou z prace .. treba im rozbehat SMTP AUTH (zatial nemam).

toto som vyriesil tak, ze kazdy nech si dava From: podla toho, cez
ktoreho providera sa pripaja ... a nech si nastavi Reply-to: kam chce
dostat odpoved ... to je podla mna velmi elegantne riesenie

-- 

5o   Peter.Mann at tuke.sk
     KLFMANiK ICQ 12491471
         PM2185-RIPE

Další informace o konferenci Sendmail