From: eculp@casasponti.net
To: freebsd-questions@freebsd.org
Date: Thu, 16 Oct 2008 12:39:11 -0500
Message-ID: <20081016123911.17qwm4xcs6kgwg8so@intranet.casasponti.net>
In-Reply-To: <48F77723.9090003@infracaninophile.co.uk>
Subject:
Re: I've just found a new and interesting spam source - legitimate bounce messages

Matthew Seaman wrote:

> eculp@casasponti.net wrote:
>> RW wrote:
>>
>>> On Thu, 16 Oct 2008 08:54:55 -0700 (PDT)
>>> Luke Dean wrote:
>>>
>>>> On Thu, 16 Oct 2008, Matthew Seaman wrote:
>>>>
>>>>> Until the wonderful day that the entire internet abides by these
>>>>> rules[*], use of technologies like SPF and DKIM can discourage
>>>>> but not entirely prevent the spammers from joe-jobbing you.
>>>>
>>>> I just started getting these bouncebacks en masse this week.
>>>> My mail provider publishes SPF records.
>>>
>>> SPF increases the probability of spam being rejected at the smtp
>>> level at MX servers, so my expectation would be that it would
>>> exacerbate backscatter not improve it.
>>>
>>> Many people recommend SPF for backscatter, but I've yet to hear a
>>> cogent argument for why it helps beyond the very optimistic hope
>>> that spammers will check that their spam is spf compliant.
>>
>> I feel the same way and thanks for adding some humor to the situation.
>
> Most spammers aren't aiming to generate back-scatter as their primary
> means of disseminating their spam, so they'll do what they can to get
> the best chance of a successful delivery. That means sending SPF
> compliant e-mails where possible. It's actually quite simple for
> them to filter out SPF protected addresses from their target lists,
> so they do tend to do that, and it's typically the same list of
> target addresses they use for forged senders too. It's telling that
> both having a correct SPF record and having no SPF record at all
> have a zero score in SpamAssassin (ie. neutral) whereas
> non-compliance scores lots of spam points.
>
> Also see my point earlier about rejecting messages during the SMTP
> dialogue. SPF is easy to check early and lets you reject messages
> before acknowledging receiving them, which means a lot fewer bounce
> messages to (probably forged) sender addresses.

Thanks, Matthew. That I've not done due to the possibility of rejecting
legit email. I'm going to revisit that decision.

ed

>
> 	Cheers,
>
> 	Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>                                                   Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
>                                                   Kent, CT11 9PW
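
The point in the quoted text about checking SPF during the SMTP dialogue, as an added example that is not part of the original message: it compares which addresses receive bounces when a server accepts mail and bounces later versus refusing at SMTP time, rejecting only on a hard SPF fail. The SPF records, domains, addresses and function names are constructed for illustration, and the evaluator covers only the `ip4` and `all` mechanisms.

```python
import ipaddress

# Constructed SPF TXT records (documentation domains and address ranges).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.net": "v=spf1 ip4:198.51.100.7 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate only the ip4 and all mechanisms for the MAIL FROM domain."""
    record = records.get(mail_from.rsplit("@", 1)[-1].lower())
    if (record or "").split()[:1] != ["v=spf1"]:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"

def receive(client_ip, mail_from, rcpt_ok, check_at_smtp):
    """Return (SMTP reply, address this server will bounce to, or None)."""
    if check_at_smtp:
        # Refuse inside the SMTP dialogue: the connecting client gets the 5xx
        # and this server never generates a bounce message.
        if spf_result(client_ip, mail_from) == "fail":
            return "550 5.7.1 SPF fail", None
        if not rcpt_ok:
            return "550 5.1.1 User unknown", None
        return "250 OK", None
    # Accept first, find the problem later: the bounce goes to MAIL FROM,
    # which for forged mail is an uninvolved third party (backscatter).
    return "250 OK", (None if rcpt_ok else mail_from)

# Constructed traffic: (client IP, MAIL FROM, recipient exists?)
TRAFFIC = [
    ("203.0.113.9", "victim@example.org", False),   # forged sender, SPF fail
    ("203.0.113.9", "victim@example.org", True),    # forged sender, SPF fail
    ("192.0.2.10", "alice@example.org", True),      # genuine, SPF pass
    ("203.0.113.9", "bob@example.net", False),      # softfail: not refused on SPF
    ("203.0.113.9", "carol@nospf.example", False),  # domain publishes no SPF
]

def backscatter(check_at_smtp):
    """Addresses that get a bounce from this server under the chosen policy."""
    results = (receive(ip, frm, ok, check_at_smtp) for ip, frm, ok in TRAFFIC)
    return [bounce for _, bounce in results if bounce]
```

Because only a hard `fail` is refused on SPF grounds, mail from domains with `~all` or no record is still accepted when the recipient exists.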