Re: Blacklisting based on SPF

2011-10-13 Thread Marc Perkel
On 10/11/2011 6:49 AM, Matus UHLAR - fantomas wrote: On 7 Oct 2011 00:28:49 -, John Levine wrote: Nobody with any interest in delivering the mail that their users want. The error rate is much, much too high. On 10/7/2011 12:50 AM, Benny Pedersen wrote: how ? On 10.10.11 07:00, Marc P

Re: Blacklisting based on SPF

2011-10-12 Thread Matus UHLAR - fantomas
On Wed, 12 Oct 2011 16:08:12 +0200, Matus UHLAR - fantomas wrote: was this changed or you just continue FUDding? On 12.10.11 16:18, Benny Pedersen wrote: From: header is NOT envelope-from header, stop fuding self From: is _NOT_ "mail from:" and since DKIM has nothing with mail from:, I don'

Re: Blacklisting based on SPF

2011-10-12 Thread Benny Pedersen
On Wed, 12 Oct 2011 16:08:12 +0200, Matus UHLAR - fantomas wrote: was this changed or you just continue FUDding? From: header is NOT envelope-from header, stop fuding self

Re: Blacklisting based on SPF

2011-10-12 Thread Matus UHLAR - fantomas
On Tue, 11 Oct 2011 17:14:06 +0200, Matus UHLAR - fantomas wrote: (and possibly list of forwarders who do not rewrite mail from) On 11.10.11 21:03, Benny Pedersen wrote: breaks dkim, and installations that use from: as envelope sender header ask for troubles cite from rfc4686: DKIM oper

Re: Blacklisting based on SPF

2011-10-12 Thread Matus UHLAR - fantomas
On Tue, 11 Oct 2011 15:49:36 +0200, Matus UHLAR - fantomas wrote: such forwarding will break SPF iff the forwarder does not change the mail from: address, and in such case it FAKES the return path, since it's not the original sender who sent the mail, it's the recipient. On 11.10.11 20:55, Benn

Re: Blacklisting based on SPF

2011-10-11 Thread Benny Pedersen
On Tue, 11 Oct 2011 17:14:06 +0200, Matus UHLAR - fantomas wrote: (and possibly list of forwarders who do not rewrite mail from) breaks dkim, and installations that use from: as envelope sender header ask for troubles

Re: Blacklisting based on SPF

2011-10-11 Thread Benny Pedersen
On Tue, 11 Oct 2011 15:49:36 +0200, Matus UHLAR - fantomas wrote: such forwarding will break SPF iff the forwarder does not change the mail from: address, and in such case it FAKES the return path, since it's not the original sender who sent the mail, it's the recipient. it breaks dkim if anyth

Re: Blacklisting based on SPF

2011-10-11 Thread Matus UHLAR - fantomas
On 05.10.11 11:01, Julian Yap wrote: I've noticed some trojans with addresses from usps.com slip through. Does anyone blacklist based on SPF? According to SPF definition, all mail that fails SPF check, is forged and therefore it should be rejected (in case of FAIL result), or very carefully

Re: Blacklisting based on SPF

2011-10-11 Thread Matus UHLAR - fantomas
On 7 Oct 2011 00:28:49 -, John Levine wrote: Nobody with any interest in delivering the mail that their users want. The error rate is much, much too high. On 10/7/2011 12:50 AM, Benny Pedersen wrote: how ? On 10.10.11 07:00, Marc Perkel wrote: All forwarded email would fail SPF testing.

Re: Blacklisting based on SPF

2011-10-10 Thread David F. Skoll
On Mon, 10 Oct 2011 07:00:48 -0700 Marc Perkel wrote: [Blocking SPF "fail" mail] > All forwarded email would fail SPF testing. You would be blocking > all hosted spam filtering services for example. Nonsense. If someone uses a hosted spam filtering service for inbound mail, then that person sh

Re: Blacklisting based on SPF

2011-10-10 Thread Daniel McDonald
On 10/10/11 9:00 AM, "Marc Perkel" wrote: > > > On 10/7/2011 12:50 AM, Benny Pedersen wrote: >> On 7 Oct 2011 00:28:49 -, John Levine wrote: >>> Nobody with any interest in delivering the mail that their users want. >>> The error rate is much, much too high. >> >> how ? >> > > All forwar

Re: Blacklisting based on SPF

2011-10-10 Thread Benny Pedersen
On Mon, 10 Oct 2011 07:00:48 -0700, Marc Perkel wrote: All forwarded email would fail SPF testing. You would be blocking all hosted spam filtering services for example. this is easy to solve in spf or add the forwarding mta sender ip to spamassassin trusted_networks, reject msg ALWAYS says th

Re: Blacklisting based on SPF

2011-10-10 Thread Marc Perkel
On 10/7/2011 12:50 AM, Benny Pedersen wrote: On 7 Oct 2011 00:28:49 -, John Levine wrote: Nobody with any interest in delivering the mail that their users want. The error rate is much, much too high. how ? All forwarded email would fail SPF testing. You would be blocking all hosted

Re: Blacklisting based on SPF

2011-10-07 Thread Dave Warren
On 10/7/2011 12:17 PM, RW wrote: On Fri, 07 Oct 2011 20:39:24 +0200 Robert Schetterer wrote: in my case there is so less left, passing postscreen, rbls, greylisting, clamav-milter with sanesecurity and few other smtp checks, that nearly null i.e faked paypal mail getting at last to spamassassin

Suppressing backscatter (was Re: Blacklisting based on SPF)

2011-10-07 Thread David F. Skoll
On Fri, 07 Oct 2011 20:47:48 +0100 Martin Gregorie wrote: > And, at least for me, it's been good for suppressing backscatter: since > I've had a good SPF record I've had almost none. Really?? You are very lucky. We have an SPF record with a "-all" clause and still get backscatter. I believe th

Re: Blacklisting based on SPF

2011-10-07 Thread Martin Gregorie
On Fri, 2011-10-07 at 20:17 +0100, RW wrote: > On Fri, 07 Oct 2011 20:39:24 +0200 > Robert Schetterer wrote: > > > in my case > > there is so less left, passing postscreen, rbls, greylisting, > > clamav-milter with sanesecurity and few other smtp checks, that nearly > > null i.e > > faked paypal m

Re: Blacklisting based on SPF

2011-10-07 Thread RW
On Fri, 07 Oct 2011 20:39:24 +0200 Robert Schetterer wrote: > in my case > there is so less left, passing postscreen, rbls, greylisting, > clamav-milter with sanesecurity and few other smtp checks, that nearly > null i.e > faked paypal mail getting at last to spamassassin where it's stopped > mostl

Re: Blacklisting based on SPF

2011-10-07 Thread Robert Schetterer
On 07.10.2011 20:24, Dave Warren wrote: > On 10/7/2011 1:12 AM, Robert Schetterer wrote: >> in my eyes the whole idea of spf was broken from beginning >> but do what you want, no need for flame >> in my real world it makes more problems than helping in antispam >> i removed spf checks from my ser

Re: Blacklisting based on SPF

2011-10-07 Thread Dave Warren
On 10/7/2011 1:12 AM, Robert Schetterer wrote: in my eyes the whole idea of spf was broken from beginning but do what you want, no need for flame in my real world it makes more problems than helping in antispam i removed spf checks from my servers, in spamd it's used with nearly no points there ar

Re: Blacklisting based on SPF

2011-10-07 Thread Ned Slider
On 07/10/11 13:27, Daniel McDonald wrote: Something like this Unverified Yahoo rule I shamelessly stole from Mark Martinec: I have some similar rules... header __L_FROM_Y1 From:addr =~ m{[@.]yahoo\.com$}i header __L_FROM_Y2 From:addr =~ m{\@yahoo\.com\.(ar|br|cn|hk|my|sg)$}i header __L_FR

Re: Blacklisting based on SPF

2011-10-07 Thread Daniel McDonald
On 10/7/11 3:49 AM, "Julian Yap" wrote: > On Thu, Oct 6, 2011 at 3:09 PM, David F. Skoll > wrote: >> On 7 Oct 2011 00:28:49 - >> "John Levine" wrote: >> Does anyone blacklist based on SPF? >> >>> Nobody with any interest in delivering the mail that their users want. >>> The error

Re: Blacklisting based on SPF

2011-10-07 Thread David F. Skoll
On Thu, 6 Oct 2011 22:49:47 -1000 Julian Yap wrote: > What do your rules look like for this scenario? [blocking for SPF > fail for select domains.] Ah, well. We don't implement those policies with SpamAssassin, so I can't post anything useful. Regards, David.

Re: Blacklisting based on SPF

2011-10-07 Thread Benny Pedersen
On Thu, 6 Oct 2011 22:49:47 -1000, Julian Yap wrote: What do your rules look like for this scenario? blacklist_from *@example.org whitelist_from_spf *@example.org adjust so blacklist score will be neutral for spf pass users don't use *@example.org if you need to have strict whitelist of specif

Re: Blacklisting based on SPF

2011-10-07 Thread Julian Yap
On Thu, Oct 6, 2011 at 3:09 PM, David F. Skoll wrote: > On 7 Oct 2011 00:28:49 - > "John Levine" wrote: > > > >Does anyone blacklist based on SPF? > > > Nobody with any interest in delivering the mail that their users want. > > The error rate is much, much too high. > > It depends. I very co

Re: Blacklisting based on SPF

2011-10-07 Thread Robert Schetterer
On 07.10.2011 10:03, Benny Pedersen wrote: > On Fri, 07 Oct 2011 09:54:09 +0200, Robert Schetterer wrote: >> but wouldn't recommend it anyway > > why would i like to whitelist an unknown spammer ? > > thinking more about it would get me mad :-) > > in my eyes the whole idea of spf was broken f

Re: Blacklisting based on SPF

2011-10-07 Thread Benny Pedersen
On Fri, 07 Oct 2011 09:54:09 +0200, Robert Schetterer wrote: but wouldn't recommend it anyway why would i like to whitelist an unknown spammer ? thinking more about it would get me mad :-)

Re: Blacklisting based on SPF

2011-10-07 Thread Benny Pedersen
On Thu, 6 Oct 2011 21:09:59 -0400, David F. Skoll wrote: SPF is most effective when used judiciously for specific domains. It's pretty useless to make blanket SPF rules that cover unknown domains. whitelist_from_spf rules ? :-) my rule of thumb is: def_whitelist_from_spf *@example.org whit

Re: Blacklisting based on SPF

2011-10-07 Thread Robert Schetterer
On 07.10.2011 09:50, Benny Pedersen wrote: > On 7 Oct 2011 00:28:49 -, John Levine wrote: >> Nobody with any interest in delivering the mail that their users want. >> The error rate is much, much too high. > > how ? > > good spammers , usually have valid spf dns entries so if you want blac

Re: Blacklisting based on SPF

2011-10-07 Thread Benny Pedersen
On 7 Oct 2011 00:28:49 -, John Levine wrote: Nobody with any interest in delivering the mail that their users want. The error rate is much, much too high. how ?

Re: Blacklisting based on SPF

2011-10-06 Thread David F. Skoll
On 7 Oct 2011 00:28:49 - "John Levine" wrote: > >Does anyone blacklist based on SPF? > Nobody with any interest in delivering the mail that their users want. > The error rate is much, much too high. It depends. I very confidently blacklist mail from "roaringpenguin.com" that fails to pass

Re: Blacklisting based on SPF

2011-10-06 Thread John Levine
In article you write: >-=-=-=-=-=- > >I've noticed some trojans with addresses from usps.com slip through. > >Does anyone blacklist based on SPF? Nobody with any interest in delivering the mail that their users want. The error rate is much, much too high. R's, John

Re: Blacklisting based on SPF

2011-10-05 Thread Benny Pedersen
On Wed, 5 Oct 2011 11:01:12 -1000, Julian Yap wrote: I've noticed some trojans with addresses from usps.com [1] slip through. ups.com ? Does anyone blacklist based on SPF? not needed since all spf domains is blacklisted, and scored neutral in spamassassin, until you use whitelist_from_spf o

Re: Blacklisting based on SPF

2011-10-05 Thread Michael Scheidell
On 10/5/11 5:01 PM, Julian Yap wrote: I've noticed some trojans with addresses from usps.com slip through. Does anyone blacklist based on SPF? I took a look at the source for SpamAssassin/Plugin/SPF.pm but it only has evaluation rules for whitelisting: $self->register_eva

Blacklisting based on SPF

2011-10-05 Thread Julian Yap
I've noticed some trojans with addresses from usps.com slip through. Does anyone blacklist based on SPF? I took a look at the source for SpamAssassin/Plugin/SPF.pm but it only has evaluation rules for whitelisting: $self->register_eval_rule ("check_for_spf_whitelist_from"); $self->register_ev