22 emails later (only counting this thread)... Can someone with the proper privileges confirm they have the spam under control? I think any solution would be acceptable at this point. If you all would like to debate the pros/cons of different spam filtering theories after the spam has subsided, I don't mind but let's safeguard the infrastructure before we start using it again.
-AK On Oct 27, 2015 7:20 AM, "Ian Smith" <ian.w.sm...@gmail.com> wrote: > I'm not making any argument about the relation of SPF compliance to message > quality or spam/ham ratio. You are no doubt correct that at this point in > the game SPF doesn't matter with respect to message quality in a larger > context, because these days messages that are not SPF compliant will simply > never arrive, and therefore aren't sent. > > I'm saying that SPF helps prevent envelope header forgery, which is what it > was designed to do. The fact that NANOG isn't checking SPF (and it isn't, > I tested) was exploited and resulted in a lot of spam to the list. This > wasn't caught by receiving servers (like Gmail's, for example) because they > checked mail.nanog.org against the nanog.org spf record, which checked > out. > > You can argue that envelope header forgery is irrelevant, and that corner > cases don't matter. But I think this latest incident provides a good > counterexample that it does matter. And it's easy to fix, so why not fix > it? > > -Ian >