Re: Reject Action For SPF




On 03/05/2012 18:07, John Hinton wrote:
On 5/3/2012 12:40 PM, Prabhpal S. Mavi wrote:
A couple of notes.

1. SPF was not designed to be used this way. It is doubtful that anyone
has written anything that even remotely considered this option in use.
You will likely have to write it yourself.
Correct, I will echo this:

First, you really don't want to do this (reject domains without an SPF record). I would technically challenge anyone who thinks this is a good idea.

Having said that, SpamAssassin with a milter will allow you to set a high scoring rule for SPF checks, enough to blanket block them with a rejection. If you go that far, try checking whether SpamAssassin's score-based method is better suited to fixing your problem.

(a) You save yourself having to really code your own solution.
(b) You end up with a better anti-spam solution overall.


2. SPF is still in RFC testing, so it is not yet a full internet
standard. And once it is, the standard still does not condone using it
the way you intend. IOW, there is nothing in the standard that states
you must have an SPF record to be a legit email domain. Basically, you'll
have a broken mailserver. We are actually stuck with having to take ours
off for the moment as one 'service' we use demands sending email from
their mailservers using our email address and they still have no SPF record.

If you do this, most likely you will not get around 90% of the good
email as SPF is not widely used as of yet. But I guess if you are only
interested in receiving email from a few 'known' domains... it could
work. Seems it would be easier to just blacklist all and whitelist the
few? If it is just for internal... perhaps a webmail system with no
outside email ability would be the way to go?



--
Best Regards,
Giles Coochey, CCNA Security, CCNA
NetSecSpec Ltd
giles.coochey@xxxxxxxxxxxxxxxx
Tel: +44 (0) 7983 877 438
Live Messenger: giles@xxxxxxxxxxx
http://www.netsecspec.co.uk
http://www.coochey.net

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
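
Added example, not part of the original message or of SpamAssassin: a small Python comparison of the two policies discussed in the thread, rejecting every message whose sender domain has no SPF record versus adding the SPF result to an overall spam score. The per-result scores, the threshold, the `X-Content-Score` header (standing in for all non-SPF rules) and the sample messages are constructed assumptions.

```python
from email import message_from_string

# Hypothetical per-result scores and threshold (not SpamAssassin defaults).
SPF_SCORES = {"pass": -0.5, "none": 0.5, "neutral": 0.5,
              "softfail": 2.0, "fail": 4.0}
REJECT_THRESHOLD = 5.0

def make(spf, content_score):
    """Build a constructed message carrying an SPF result and a content score."""
    return (f"From: user@example.org\n"
            f"Received-SPF: {spf} (constructed sample)\n"
            f"X-Content-Score: {content_score}\n\nbody\n")

def spf_result(raw):
    """First token of the Received-SPF header is the SPF result."""
    header = message_from_string(raw).get("Received-SPF", "none")
    return header.split()[0].lower()

def hard_reject(raw):
    """Policy from the question: reject any domain without an SPF record."""
    return spf_result(raw) == "none"

def score_reject(raw):
    """Score-based policy: SPF is one weighted signal among others."""
    msg = message_from_string(raw)
    total = float(msg["X-Content-Score"]) + SPF_SCORES.get(spf_result(raw), 0.0)
    return total >= REJECT_THRESHOLD

def evaluate(policy, corpus):
    """Return (legitimate mail rejected, spam accepted) for a policy."""
    ham_rejected = sum(1 for label, raw in corpus if label == "ham" and policy(raw))
    spam_accepted = sum(1 for label, raw in corpus if label == "spam" and not policy(raw))
    return ham_rejected, spam_accepted

# Constructed corpus: (ground-truth label, message).
CORPUS = [
    ("ham",  make("none", 0.3)),      # legitimate domain, no SPF record
    ("ham",  make("pass", 0.1)),
    ("ham",  make("none", 1.2)),      # third-party service, no SPF record
    ("spam", make("pass", 6.5)),      # spammer domain that publishes SPF
    ("spam", make("fail", 2.0)),
    ("spam", make("none", 5.1)),
    ("spam", make("softfail", 1.0)),
]

if __name__ == "__main__":
    for name, policy in (("reject if no SPF", hard_reject),
                         ("score-based", score_reject)):
        ham_rejected, spam_accepted = evaluate(policy, CORPUS)
        print(f"{name}: ham rejected={ham_rejected}, spam accepted={spam_accepted}")
```
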
