[Mimedefang] SPF Usefulness (was Re: SNARE spam detection)

- kd6lvw at yahoo.com
Wed Jul 29 18:03:36 EDT 2009


SPF isn't an anti-spam tool.  It is an anti-FORGERY tool.  It would only eliminate forged (or "spoofed") spam, not spam that doesn't hide its origin.  It has some situations that it doesn't detect:

- Cross-user forgeries (within the same domain).
- Cross-domain forgeries (when multiple domains share an outbound mail server).
- Forwarded messages (False positives if the envelope sender isn't adjusted or the test isn't bypassed for a trusted forwarder)

It's useful as a message REJECTION tool.  It can also useful when the method passes, in that we have a responsible IP address to complain to or about.

If more people bothered to check it, it would cut down or eliminate backscatter.  Remember that "implementation" is a TWO step process:

1)  Publish an SPF record for your own hosts.   AND
2)  CHECK SPF records of others.

Alot of people claim to have "implemented SPF" based on step one only.  BOTH steps are necessary.  I find it more efficient to use MD and check SPF in the "filter_sender()" stage than to compile in a third-party modification to sendmail or try to implement the checks via the M4 rules.

Note that a PROPER perl implementation uses Mail::SPF, NOT Mail::SPF::Query, the latter having been depreciated and doesn't understand IPv6.



More information about the MIMEDefang mailing list