From owner-freebsd-questions@FreeBSD.ORG Thu Oct 16 17:59:44 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5796B106568A for ; Thu, 16 Oct 2008 17:59:44 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from QMTA01.westchester.pa.mail.comcast.net (qmta01.westchester.pa.mail.comcast.net [76.96.62.16]) by mx1.freebsd.org (Postfix) with ESMTP id F19A18FC1F for ; Thu, 16 Oct 2008 17:59:43 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from OMTA14.westchester.pa.mail.comcast.net ([76.96.62.60]) by QMTA01.westchester.pa.mail.comcast.net with comcast id TQn11a0061HzFnQ51VzjAm; Thu, 16 Oct 2008 17:59:43 +0000 Received: from koitsu.dyndns.org ([69.181.141.110]) by OMTA14.westchester.pa.mail.comcast.net with comcast id TVzh1a00P2P6wsM3aVzhdZ; Thu, 16 Oct 2008 17:59:42 +0000 X-Authority-Analysis: v=1.0 c=1 a=xV6OIcyWy4YA:10 a=q5Nov78KhrQA:10 a=QycZ5dHgAAAA:8 a=Jwy_ZDAPcN797sOI8h0A:9 a=DzFoMhrqym26OFj1DYgA:7 a=6kRpYGhVBNwmS_eN136dZFxDVsYA:4 a=8sFLHOSOImcA:10 a=j33SjboCZK4A:10 a=EoioJ0NPDVgA:10 a=qIVjreYYsbEA:10 a=LY0hPdMaydYA:10 Received: by icarus.home.lan (Postfix, from userid 1000) id 5992FC941C; Thu, 16 Oct 2008 10:59:41 -0700 (PDT) Date: Thu, 16 Oct 2008 10:59:41 -0700 From: Jeremy Chadwick To: RW Message-ID: <20081016175941.GB16235@icarus.home.lan> References: <20081016090102.17qwm4xcs6f4so8ok@intranet.casasponti.net> <20081016145255.GA12638@icarus.home.lan> <48F75A88.1000507@infracaninophile.co.uk> <20081016173807.64d0f24e@gumby.homeunix.com.> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20081016173807.64d0f24e@gumby.homeunix.com.> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-questions@freebsd.org, Luke Dean Subject: Re: I've just found a new and interesting spam source - legitimate bounce messages X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Oct 2008 17:59:44 -0000 On Thu, Oct 16, 2008 at 05:38:07PM +0100, RW wrote: > On Thu, 16 Oct 2008 08:54:55 -0700 (PDT) > Luke Dean wrote: > > > > > > > On Thu, 16 Oct 2008, Matthew Seaman wrote: > > > > > Until the wonderful day that the entire internet abides by these > > > rules[*], use > > > of technologies like SPF and DKIM can discourage but not entirely > > > prevent the spammers from joe-jobbing you. > > > > I just started getting these bouncebacks en masse this week. > > My mail provider publishes SPF records. > > SPF increases the probability of spam being rejected at the smtp > level at MX servers, so my expectation would be that it would exacerbate > backscatter not improve it. Just a side comment for added clarity: this ultimately depends on how the mail server administrator implemented SPF. For example, our mail servers *do not* do SPF lookups at the SMTP level (e.g. in postfix) because 1) the added complexity is not worth it, and 2) spammers are now hijacking DNS. Instead, our servers use SPF in SpamAssassin, subtracting from the spam probability score if an SPF record is found and matches appropriately. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |