Mailing List CGatePro@mail.stalker.com Message #94631
From: Nicolas Hatier <nicolas.hatier@niversoft.com>
Subject: Re: bounce backs from spam
Date: Sun, 06 Apr 2008 21:52:41 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
And how should a (legitimately) forged From: address cause a false positive with SPF? SPF validates with the return-path, not the From: address.

If those systems use the customer's email address as the return-path address, they are unlikely to be able to send confirmation messages to many customers, as this would break SMTP AUTH, which is now mandatory at many ISPs.

NH

Shaun Gamble wrote:
Gib Henry wrote:
Huh?!  I don't understand how it's possible to obtain false results from SPF.  From Reverse-Check, yes (especially auto-responders), but not SPF.  If the sender's domain lists its current authorized sending machines, and you get mail purporting to be from that sender but from a sending machine that isn't authorized, how could that be legitimate?  Cheers,


A lot of accommodation resellers allow the customers to purchase accommodation from their websites. The email indicating a reservation has been made has the customer's email address as the From address.

On 4/6/08 at 4:01 AM -0700, CommuniGate Pro Discussions wrote:
Date: Sun, 06 Apr 2008 09:46:47 +1000
From: Shaun Gamble <listrdr@redco.com.au>
Subject: Re: bounce backs from spam

Gib Henry wrote:
At 7:33 AM -0700 on 4/4/08, CommuniGate Pro Discussions wrote:
From: Gavin Lawrie <gavin.lawrie@2gc.co.uk>
Subject: Re: bounce backs from spam
Date: Fri, 4 Apr 2008 15:07:23 +0100

On 4 Apr 2008, at 14:31, Gib Henry wrote:
Most of the spam I receive comes from domains that do not have SPF records, so they neither pass nor fail.  But if they fail, well, it's pretty clearly spam, and I close the connection before receiving it. This does not seem to cause any problems.

How are you checking for SPF?  There is the SPF option in SMTP Receiving options, but help file is opaque as to what it actually does if enabled - I think it rejects message...?  But what you describe sounds more specific.
(Apologies if it is obvious... dim-wit at controls!)

In Settings/Mail/SMTP/Receiving, both Check SPF Records and Reverse Connect have 3 options:  Disabled, Enabled, or Add Header.  You can try them out with just adding a header (not rejecting them) and evaluate them with rules, then when you're satisfied they won't cause problems, enable them, which will reject failed messages.  I have 'em both on; here are a couple of representative log snippets:

Reverse Check:
10:33:25.052 1 SMTPI-074614([89.136.31.53]) Return-Path 'taboosomm49@youngteenjobs.com' rejected: address rejected with reverse-check
10:49:28.089 1 SMTPI-074651(cassiopeia.pmt.org) Return-Path 'info@e1577.b.akamaiedge.net' rejected: no relay available
00:35:01.340 1 SMTPI-073164([91.139.195.239]) Return-Path 'headstoness56@tjix.com' rejected: reverse check protocol error

SPF:
00:46:40.055 1 SMTPI-073188([71.87.199.22]) Return-Path 'tcc-smartchairs.com@zobh.com' rejected: sender domain does not match SPF records

But they're no panacea:  despite enabling Reverse-Check and SPF, running against 4 RBLs, and blacklisting the entire China/Korea IP range, I'm still getting 40-50 spams/day, of which, fortunately, Eudora/SpamSieve correctly traps over 99%.  Cheers,

Unfortunately, I am still receiving some false positives on SPF and reverse checking, so I use Add-Header option. It certainly helps cut down a lot of spam (into quarantine), however I couldn't reject on it.
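
Added example (not part of any message in this thread): a minimal Python sketch of the distinction discussed above, evaluating SPF against the envelope Return-Path domain and showing, for contrast, what the From: header domain would give. The domains, IP ranges and SPF records are constructed placeholders, and only the `ip4` and `all` mechanisms are implemented.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed SPF records standing in for DNS TXT lookups (reserved example names and ranges).
SPF_RECORDS = {
    "reseller.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "customer.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(client_ip, domain):
    """Evaluate a record using only the ip4 and all mechanisms."""
    record = SPF_RECORDS.get(domain.lower())
    if record is None:
        return "none"          # domain publishes no SPF: neither pass nor fail
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"           # no mechanism matched

def evaluate(client_ip, mail_from, raw_message):
    """SPF verdict on the envelope sender, plus what the From: header domain would have given."""
    header_addr = parseaddr(message_from_string(raw_message)["From"])[1]
    return {
        "spf": spf_check(client_ip, mail_from.rsplit("@", 1)[-1]),
        "header_from_domain": spf_check(client_ip, header_addr.rsplit("@", 1)[-1]),
    }

# Constructed booking confirmation: the From: header carries the customer's address.
BOOKING = "From: Guest <guest@customer.example>\nSubject: Reservation\n\nBooked.\n"
RESELLER_IP = "192.0.2.10"

if __name__ == "__main__":
    # Reseller keeps its own Return-Path: SPF passes despite the customer From: header.
    print(evaluate(RESELLER_IP, "bookings@reseller.example", BOOKING))
    # Reseller puts the customer's address in the Return-Path: SPF fails.
    print(evaluate(RESELLER_IP, "guest@customer.example", BOOKING))
```
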

