[Mimedefang] Deadline for SPF records *long w/morbid horoscope*

Jeff Rife mimedefang at nabs.net
Thu Aug 12 18:02:50 EDT 2004


On 12 Aug 2004 at 10:14, Kelson Vibber wrote:

> 1. Spammer targets the backup MX (us), assuming it's less protected.
> 2. We queue, reject, or discard the message.
> 3. Mail ends up at customer's primary mail server, which rejects *on 
> different criteria*.
> 4. Customer's server issues an SMTP reject to our server.
> 
> At this point, we technically *should* generate a bounce.  The
> address we sent it on to was valid, but the message could not be
> delivered.

I admit that I used shorthand to describe the process of making sure 
that the MX has the list of valid addresses.

I should expand on that to say that if the MX accepts it, then it is 
deliverable.

My solution to this would be if I had to use different rejection 
criteria from the MX that gets the mail first, I would not bounce the 
message, but instead just eat it.  That's not the best thing to do, but 
my contract with the Internet is that once an MX that answers for me 
accepts the mail, the Internet doesn't need to be bothered any more.

>                                          On the other hand, if we
> *did* have that information, we could have blocked the mail without
> even queueing it up for the primary MX.
> 
> Now if you run all your MXes yourself, you can make sure they all use the 
> same criteria and only reject mail at the border.  But that's a bit more 
> difficult when one is in-house and the other belongs to your ISP

We solve this merely by having a point of presence with enough ISPs (we 
have divisions or even just workers like me who use a different ISP) to 
allow us to run multiple MXs each with different connections to the 
backbone.

> And then there's the scenario in which the forged message makes it
> through to a valid address, someone reads it and fires off a
> complaint to the person they think sent it... 

That's something that only user education will fix, so I'm not counting 
on seeing it happen anytime soon. :)


--
Jeff Rife        |  
SPAM bait:       | 
http://www.nabs.net/Cartoons/Dilbert/LostNetworkPassword.gif 
AskDOJ at usdoj.gov |  
spam at ftc.gov     |  
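
The backup-MX scenario discussed in this message, modelled as an added example (not code from the original post or from MIMEDefang). It shows which handling of a downstream reject sends a DSN to a forged envelope sender; the class names, addresses and policy strings are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: the primary MX knows one user and rejects spam.
PRIMARY_USERS = {"alice@example.com"}

@dataclass
class Message:
    mail_from: str   # envelope sender; forged in the spam case
    rcpt_to: str
    is_spam: bool

@dataclass
class BackupMX:
    valid_rcpts: Optional[set]    # None = backup has no recipient list
    on_downstream_reject: str     # "bounce" or "discard" (hypothetical policy names)
    dsn_sent_to: list = field(default_factory=list)

    def smtp_rcpt(self, msg):
        """Decide at RCPT time, while the sending client is still connected."""
        if self.valid_rcpts is not None and msg.rcpt_to not in self.valid_rcpts:
            return "550"   # the connecting host owns the failure; no DSN from us
        return "250"

    def relay(self, msg):
        """Forward an accepted message to the primary, which applies other criteria."""
        if primary_accepts(msg):
            return "delivered"
        if self.on_downstream_reject == "bounce":
            # The DSN goes to the envelope sender, which the spammer forged.
            self.dsn_sent_to.append(msg.mail_from)
            return "bounced"
        return "discarded"   # "just eat it": nothing leaves our network

def primary_accepts(msg):
    return msg.rcpt_to in PRIMARY_USERS and not msg.is_spam

def handle(mx, msg):
    if mx.smtp_rcpt(msg) == "550":
        return "rejected-at-smtp"
    return mx.relay(msg)

if __name__ == "__main__":
    forged = Message("victim@example.org", "nobody@example.com", True)
    for rcpts, policy in [(None, "bounce"), (PRIMARY_USERS, "bounce"),
                          (None, "discard")]:
        mx = BackupMX(rcpts, policy)
        print(rcpts is not None, policy, handle(mx, forged), mx.dsn_sent_to)
```
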



