Spam Filter ISP Support Forum


Feature Request

Desperado (Senior Member)
Joined: 27 January 2005
Location: United States
Topic: Feature Request
Posted: 08 August 2007 at 2:25pm
Can we have, perhaps, a "Tag On Soft Fail" option on SPF?  I ask because even the "Champions" of SPF, AOL, are not willing to commit to a "-all" and technically, we should not block "Soft Fails" but I would like to see some action even if passing the messages.
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

sgeorge (Senior Member)
Joined: 23 August 2005
Posted: 08 August 2007 at 2:45pm
Dan, excellent idea.  May I piggyback on your request?

I would love to be able to locally create an overriding SPF rule for domains not in my control.  If a domain has a weak SPF rule (or none at all), and I am confident that I am able to determine all of their legitimate outgoing mail servers, it would be great to be able to tell SpamFilter from which IPs to accept mail for domain x.

I'm piggybacking because I'd also like to see your thoughts on this, Dan.

Stephen

Desperado (Senior Member)
Joined: 27 January 2005
Location: United States
Posted: 08 August 2007 at 2:57pm

Stephen,

Did you see my post on the DNS White List?
http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6173&KW=DNSWL
I think this, too, will help and the Admin seems to be very interested in maintaining as good a list as possible (with our help?)

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

sgeorge (Senior Member)
Joined: 23 August 2005
Posted: 08 August 2007 at 3:11pm
Hey Dan, that's a good point... a white list that is contributed to by many, but moderated by experienced admins, certainly would be more up-to-date and accurate.

Roman (Newbie)
Joined: 04 November 2005
Location: Russian Federation
Posted: 15 August 2007 at 9:37am
One more thing: it would be very nice to have an option to block all domains with "+all" or "ip4:0.0.0.0/0" definitions like SPF for "alicencias.com".
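
The check Roman asks for, as an added example that is not part of the original post and not SpamFilter code: it flags SPF terms that authorize practically any sender. The function name, the prefix thresholds and the sample records are assumptions made for illustration.

```python
import ipaddress

# Assumed thresholds (not from the thread): a "pass" network wider than
# this prefix is treated as authorizing practically everyone.
MIN_PREFIX = {"ip4": 8, "ip6": 16}

def permissive_terms(record, min_prefix=MIN_PREFIX):
    """Return the terms of an SPF record that let (nearly) any host pass."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return findings                  # not an SPF record
    for term in terms[1:]:
        if "=" in term.split(":", 1)[0]:
            continue                     # modifier such as redirect= or exp=
        # A missing qualifier means "+", so a bare "all" equals "+all".
        qual, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if qual != "+":
            continue                     # only "pass" terms authorize a sender
        name, _, value = body.partition(":")
        name = name.lower()
        if name == "all":
            findings.append(term)
        elif name in min_prefix:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                continue                 # malformed address: not judged here
            if net.prefixlen < min_prefix[name]:
                findings.append(term)
    return findings

# Constructed sample records (not taken from any real domain).
SAMPLES = [
    "v=spf1 +all",
    "v=spf1 ip4:0.0.0.0/0 -all",
    "v=spf1 ip4:0.0.0.0/1 ip4:128.0.0.0/1 ~all",
    "v=spf1 a mx ip4:192.0.2.0/24 -all",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", permissive_terms(rec) or "ok")
```

The third sample shows why a prefix threshold is used instead of an exact match on "0.0.0.0/0": two /1 networks cover the same address space.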

Roman (Newbie)
Joined: 04 November 2005
Location: Russian Federation
Posted: 15 August 2007 at 9:57am
By the way, Dan, I send to quarantine not only "softfail" but also "neutral", and for about 2 years I remember only 1 or 2 false positives. So, as long as major mail servers are afraid to use "-all" and even "~all" tags, there is no real difference between all of them.

sgeorge (Senior Member)
Joined: 23 August 2005
Posted: 17 August 2007 at 2:32pm
Roman, the relaxed approach that the big guys have taken really frustrates those (such as me) that could have a valid, but restricted, use for adding mechanisms such as neutral "?" and soft-fail "~" to SPF records.

I agree that the system has certainly been used and abused, though there's a percentage of us who actually need these grey-area mechanisms.  Consider my situation:

We have a few mail servers for a small organization.  We have complete control over most of those mail servers, except our Web site is hosted on a shared hosting site; in the past, some other customers have used the shared site as a "spam house" so to speak.  It's in our interest not to unwittingly "validate" one of these abusers' attempts to forge one of our email addresses from the same IP.  Therefore, we set up our SPF record to something like this:
v=spf1 a:mail.domain.com a:mail2.domain.com ?include:sharedhostingsite.com -all


The effect allows "neutral" results for e-mails sent out from sharedhostingsite.com, while a solid "pass" or "fail" occurs for everything else.

If people block all "neutral" SPF results, then we would be better off having no SPF record at all.  But that would not make me very happy.

Stephen

Roman (Newbie)
Joined: 04 November 2005
Location: Russian Federation
Posted: 17 August 2007 at 4:13pm
Stephen, we had this conversation about 1 year ago. My opinion stands still: if you use some host for relay - whitelist it. I don't want to get an uncertain answer "may be spam, may be not" - what should I do with it?

I'd be glad to follow the rules, but I see no hope in this particular situation. So I'm forced to quarantine "neutral".

Well, there could be a solution if we have an option to treat "-~?+all" as strict "-all", but treat softfails and neutrals in other expressions as we do now. This could make us both happy.

Nevertheless I suggest you "pass" your low trusted site. Consider these possible cases:

1. you stay with "neutral" - some hosts (like mine) would block your legitimate mail and you will whitelist any possible spam through your unsafe host for those who follow the rules anyway.

2. you make it "pass" - your legitimate mail will always be delivered, spam with your faked name will always be blocked, but IF it ever happens that someone on the unsafe host would guess how to abuse your SPF record - you'll need to undertake some investigation.

3. you drop the SPF record - this actually whitelists the whole internet (INCLUDING your unsafe host) to send spam on behalf of your name. So it cannot be safer than 2 in any way.

Edited by Roman - 17 August 2007 at 4:18pm
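
Stephen's record and Roman's proposal side by side, as an added example that is not part of any post above and not SpamFilter code: a reduced SPF evaluator (a:, ip4:, include: and all only) that reports which term matched, so a policy can be strict about the catch-all while only tagging soft results from other terms. The DNS data, the shared host's record, the function names and the "tag" action (borrowed from Dan's "Tag On Soft Fail" request) are assumptions.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed data standing in for DNS (names and addresses are samples).
A_RECORDS = {"mail.domain.com": "192.0.2.10", "mail2.domain.com": "192.0.2.11"}
SPF_RECORDS = {
    "domain.com": "v=spf1 a:mail.domain.com a:mail2.domain.com "
                  "?include:sharedhostingsite.com -all",
    "sharedhostingsite.com": "v=spf1 ip4:198.51.100.0/24 -all",
}

def check_host(ip, domain):
    """Return (result, matching term) for a sender IP and an envelope domain."""
    addr = ipaddress.ip_address(ip)
    for term in SPF_RECORDS[domain].split()[1:]:
        qual, body = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        name, _, value = body.partition(":")
        if name == "all":
            hit = True
        elif name == "a":
            hit = A_RECORDS.get(value) == ip
        elif name == "ip4":
            hit = addr in ipaddress.ip_network(value, strict=False)
        elif name == "include":
            # include matches only when the included record yields "pass";
            # the outer qualifier ("?" here) then decides the result.
            hit = check_host(ip, value)[0] == "pass"
        else:
            hit = False                  # mechanism not covered by this sketch
        if hit:
            return RESULT[qual], term
    return "neutral", None               # nothing matched: SPF default is neutral

def action(result, term):
    """Policy sketch: any catch-all is treated as -all, other soft results are tagged."""
    if term and term.lstrip("+-~?") == "all":
        return "reject"
    return {"pass": "accept", "fail": "reject"}.get(result, "tag")

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        res, term = check_host(ip, "domain.com")
        print(ip, res, term, action(res, term))
```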