Weblog entry #65 for Steve

See all weblog entries made by Steve.

XML logo

#65
SPF worthless?
Posted by Steve on Tue 17 Jan 2006 at 15:53
Tags: none.

I've been publishing SPF records on my primary domain for over a year now.

Yet still I get random joe-job bounces.

Today for example I received 87 bounced mails all with contents like:

   ----- Transcript of session follows -----
... while talking to xxx.x.x.x.x.:
>>> DATA
<<< 550 Protocol violation
451 4.4.1 reply: read error from xxx.xxx.xx.x.
554 5.0.0 Service unavailable

So somebody sent out a spam message with a from address faked as "foo@steve.org.uk" - the recepient's mailserver failed to accept it because it found a "protocol violation". (I guess that means either spam filtering kicked in, or something was wrong in the senders system)

But why do I get the bounce? Because the recipients mailserver doesn't even bother to check with SPF.

I think I'm just going to remove the SPF records. Nobody significant seems to use them, and it is just another thing to remember to update.

ObRelated: I need to change the mail handling here, so that comment notifications come from some kind of "bounce@d-a.org" email address - so I can just killfile any bounces/autoreplies.

I haven't the patience to keep reading them manually.

[ 5 Comments | Add Comment | XML logo ]
<<< Previous Next >>>

 

Comments on this Entry

#1
Re: SPF worthless?
Posted by simonw (84.45.xx.xx) on Tue 17 Jan 2006 at 17:43
[ Send Message | View Weblogs ]
I don't think it is completely worthless, but it requires the whole way SMTP is used to change. As such few people now reject email on an SPF failure, because it generates more grief than accepting the junk. Besides most of the bounces come from the clueless. Deploying any change like that across the Internet takes time, and will likely never be 100%.

Also you never know how many bounces you might have got but for the SPF records.

However I don't believe the "spam problem" as perceived is a root cause problem, and some aspects of it can't be easily removed from an open communication system.

http://www.circleid.com/posts/there_is_no_spam_problem/

Of course if you think you can come up with a "spam proof" protocol in the current state of network security, it would probably be easier to implement as an entirely new messaging product, than patch SMTP.

I mean Skype got maybe 5% or so of the desktops, and it is closed source, proprietary protocol, and not even spam proof (unless you hide your details, which defeats the object by and large). And the IM protocols are doing pretty well in terms of coverage, and not hugely spammed (AFAICT).

[ Parent | Reply to this comment ]

#2
Re: SPF worthless?
Posted by Anonymous (64.205.xx.xx) on Tue 17 Jan 2006 at 18:19
Except ICQ, where everyone's user ID was a random (or was it sequential?) integer. Made it fairly easy to randomly choose a target for your spam message.

[ Parent | Reply to this comment ]

#3
Re: SPF worthless?
Posted by Anonymous (213.164.xx.xx) on Tue 17 Jan 2006 at 18:35
SMTP is so antiquated. I say replace it with HTTP.

You send a notification to a mail server that you want to send them an e-mail, it collects it from your server.

[ Parent | Reply to this comment ]

#4
Re: SPF worthless?
Posted by Steve (82.41.xx.xx) on Wed 18 Jan 2006 at 14:16
[ Send Message | View Steve's Scratchpad | View Weblogs ]

That makes a DOS very simple - send a single small HTTP message directing the remote server to collect a 2Gb file.

There are other problems with this solution. But thats the most obvious.

Steve

[ Parent | Reply to this comment ]

#5
Posted by Anonymous (213.164.xx.xx) on Wed 18 Jan 2006 at 20:40
But it's not that simple. You'd have the same safeguards in place as you do with existing MTAs. So you send a notification to the server telling them to collect a huge message. The server comes to collect. It notices the file is too big, and aborts.

[ Parent | Reply to this comment ]

User Login

Username:

Password:

[ Advanced Login ]

Register Account

Quick Site Search