[Mimedefang] Re: What to do about bounced forgeries?

Kenneth Porter shiva at sewingwitch.com
Mon Dec 22 14:52:59 EST 2003


--On Monday, December 22, 2003 8:58 AM -0500 "Kevin A. McGrail" 
<kmcgrail at pccc.com> wrote:

> The main problem with implementing SPF at my company is being caused by
> internet service providers blocking port 25 outbound.
>
> Obviously I think this ISP policy has great benefits but even though we
> run SMTP on an alternate port, many people simply call their ISP and get
> told to send outbound off the ISP's server.

I have the related problem that many MTAs block SMTP (direct-to-MX) from 
consumer broadband blocks. I understand why they do it but it does hit the 
innocent along with the guilty and the clueless. Fortunately I have a 
colo'd server I can redirect to for those situations. ($300/month for 8 
Mbps unmetered; it's a game server and my team captain foots most of the 
bill.)

> We simply don't have the resources to call and educate potentially
> hundreds or thousands of people and I consider our company pretty
> proactive.  If we can't implement this any time soon, I question the
> ability of other companies to implement this system.

SpamAssassin already has a rule in CVS and I believe it's targeted for the 
2.70 release. (Just saw this mentioned on the SA list, 12/20 around the 
middle of the day.) Here's a related bugzilla:

<http://bugzilla.spamassassin.org/show_bug.cgi?id=2634>

As more ISPs use SA, SPF should become a common component in filtering.

> Because SPF is DNS related, the possibility of caching comes into play.

Ok. So spammers use long TTLs to keep their shut-down DNS from having an 
effect. So we have to create an RBL that vetoes SPF for some domains.

> Finally, while I understand SPF to be a relatively simple DNS based
> system, I also specialize in handling DNS issues. Unfortunately, because
> of the fact that when I have to interface with some companies to get DNS
> changes made, I rarely can get an MX record updated properly let alone
> major entries to a zone done properly.

I run my own master for my domains and use ZoneEdit to secondary, so it's 
pretty simple to push out changes. I've also got a domain through a budget 
registrar that has a pretty good web interface for updating records and it 
would be simple to update the SPF record with that. If SPF gets popular, I 
imagine the web interfaces would add the SPF wizard.
