On Mon, 2006-06-12 at 16:25 -0400, Horst von Brand wrote:
> Bernd Petrovitsch <[email protected]> wrote:
[...]
> > The "problem" is that postmasters on the Net must do something
>
> It took /years/ until open relays weren't common anymore... and that is a
ACK. And it will take years to somwhat get a grip on the the spam
problem. And will take more "tools" than SPF.
> /simple/ measure, on by default in newer upstream packages, no admin
> intervention required. DNS works badly, here in Chile a mayor ISP had a
Well, the only necessary admin intervention was "update that MTA
package". This seems trivial and no work for people used to
yum/apt-get/urpmi/red-carpet/... but it looked quite differently 10
years ago for other OSs (Win*, Solaris 2.5, etc., hell, I knew of a
third-party MTA on Novell 3.12 where it was not even possible to
deactivate relaying).
> totally broken setup for many years.
It was an interesting experience in Austria for (mostly small) ISPs that
from one day to another email delivery didn't work anymore. No wonder
since they had almost no reverse DNS zones ....
> > (namely
> > 1) define if they want to allow others to detect forged emails claimed
> > to come from their domain
>
> They have /very/ little to gain by that, and setting it up correctly is a
> mayor hassle. It breaks people sending mail "from" the domain when they
> aren't there (this is rather common for people on the road), and has no
> real fix. I.e., it won't ever be done. Or it will be tried, some email from
Use secure authenticated mail submission on a known good MTA of said
domain (and even the smallest ISP should be able to set that up).
Yes, this seems like a waste of everything - but IMHO neglectable
compared to the ressources wasted by spam.
> Big Cheese doesn't go through, and it will be axed.
>
> > and 2) - if yes to 1) - to get appropriate SPF
> > records into DNS)
>
> Many people have no (or very little) control over their DNS data. A spammer
> can then just claim it comes from one of the millions of SPF-less domains
> in the world (if they don't set up their own SPFied one...). Besides,
> discussions on the spamassassin lists show that SPFied email is a rather
> reliable indicator of spam as things stand today...
Apparently spammers are faster to adopt new developments and standards
than others. SCNR ...
> > and people must either use a "good" mail relay (and
> > not just the one next door) or convince postmasters to change the SPF
> > records.
>
> Won't happen.
>
> > > It'll break standard-abiding email.
>
> > As you see, standards change.
>
> Yep. But SPF breaks email, not just changes the standard. For no gain at all.
Well, if you run a mail server behind a quite small line and some
spammer really forges your domain in the From: so that it takes 4 days
(yes, 96 hours) so that the bounce storm calms down and legitimate mail
can be processed again, means against trivial domain forgeries make
sense.
> > > Do you really want that?
>
> > Yes. Especially gmail.com should do such a thing - there is such a lot
> > of - presumbly forged - @gmail.com mails in my mailboxes that
> > blacklisting the whole domain causes probably more good than bad (for
> > me, of course).
>
> There is spam that really comes from gmail...
Probably. But this is a problem gmail must (and only can) solve.
Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
