Thread: Re: [CORE] SPF Record ...
> ------- Original Message -------
> From: "Marc G. Fournier" <scrappy@hub.org>
> To: Peter Eisentraut <peter_e@gmx.net>, pgsql-www@postgresql.org
> Sent: 18/11/06, 17:38:45
> Subject: Re: [pgsql-www] [CORE] SPF Record ...
>
> That is not true .. that is only true if we publish -all ... if we publish
> ?all, we are saying that anything coming from "a mx" are *definitely* from
> @postgresql.org, and that from other sources they *might* be ...

So what's the point then? People either ignore the SPF record, or refuse mail from the 'might be's'.

/D

On 18 Nov 2006 at 18:12, Dave Page wrote:

>
> > ------- Original Message -------
> > From: "Marc G. Fournier" <scrappy@hub.org>
> > To: Peter Eisentraut <peter_e@gmx.net>, pgsql-www@postgresql.org
> > Sent: 18/11/06, 17:38:45
> > Subject: Re: [pgsql-www] [CORE] SPF Record ...
> >
> > That is not true .. that is only true if we publish -all ... if we publish
> > ?all, we are saying that anything coming from "a mx" are *definitely* from
> > @postgresql.org, and that from other sources they *might* be ...
>
> So what's the point then? People either ignore the SPF record, or
> refuse mail from the 'might be's'.

These are inaccurate conclusions. SPF information helps to draw a conclusion. Consider it a points system. Get so many points for a might be, none for a definitely. Get enough points, you're spam. SPF is most wisely used in conjunction with other information to reach a conclusion.

--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php

Dan Langille wrote:
> These are inaccurate conclusions. SPF information helps to draw a
> conclusion. Consider it a points system. Get so many points for a
> might be, none for a definitely. Get enough points, you're spam.
> SPF is most wisely used in conjunction with other information to
> reach a conclusion.

The whole thing is evil technology, as I have previously pointed out, which is a reason to boycott it. I regularly get my email blocked by other community members because of it.

But the application you are describing here is equally stupid. You are saying that even though it is -- per SPF record -- OK to send @postgresql.org via other hosts, you get penalized in your scoring system for doing so. So in spite of *no* indication that some email is spam, you are (partially) rejecting it. What sense does that make?

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

Dan Langille wrote:
> On 18 Nov 2006 at 18:12, Dave Page wrote:
>
>>
>>> ------- Original Message -------
>>> From: "Marc G. Fournier" <scrappy@hub.org>
>>> To: Peter Eisentraut <peter_e@gmx.net>, pgsql-www@postgresql.org
>>> Sent: 18/11/06, 17:38:45
>>> Subject: Re: [pgsql-www] [CORE] SPF Record ...
>>>
>>> That is not true .. that is only true if we publish -all ... if we publish
>>> ?all, we are saying that anything coming from "a mx" are *definitely* from
>>> @postgresql.org, and that from other sources they *might* be ...
>> So what's the point then? People either ignore the SPF record, or
>> refuse mail from the 'might be's'.
>
> These are inaccurate conclusions. SPF information helps to draw a
> conclusion. Consider it a points system. Get so many points for a
> might be, none for a definitely. Get enough points, you're spam.
> SPF is most wisely used in conjunction with other information to
> reach a conclusion.

Yes, so the net result of not running ?all is that you don't block real spam as a result of SPF any more than you block legitimate mail from one of the 'allowed but not listed servers'. Seems to me all that risks is increasing the spam score of legitimate users who have real reasons for using different outgoing servers.

Regards, Dave.

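How the `?all` and `-all` endings discussed in this thread evaluate, and how a points-based filter of the kind described above would consume the result. This is an added example, not part of any message in the thread; the host addresses, point weights and threshold are constructed assumptions, and DNS lookups are replaced by a fixed table.

```python
import ipaddress

# Constructed sample data: documentation-range addresses standing in for the
# hosts that the domain's "a" and "mx" mechanisms would resolve to via DNS.
RESOLVED = {"a": ["192.0.2.10"], "mx": ["192.0.2.25", "198.51.100.25"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Hypothetical weights for a points-based filter (assumption, not from the
# thread or any real product): nothing for "pass", some for "neutral".
SPF_POINTS = {"pass": 0, "none": 0, "neutral": 1, "softfail": 3, "fail": 5}
THRESHOLD = 5


def check_spf(record, client_ip, resolved=RESOLVED):
    """Evaluate an SPF record limited to the a, mx, ip4 and all mechanisms."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            matched = True
        elif mech in ("a", "mx"):
            matched = any(ip == ipaddress.ip_address(h) for h in resolved[mech])
        elif mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            raise ValueError(f"mechanism not handled in this sketch: {term}")
        if matched:  # first matching mechanism decides the result
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def verdict(record, client_ip, other_points):
    """Add the SPF contribution to points already assigned by other checks."""
    result = check_spf(record, client_ip)
    total = other_points + SPF_POINTS[result]
    return result, total, "reject" if total >= THRESHOLD else "accept"


if __name__ == "__main__":
    for record in ("v=spf1 a mx ?all", "v=spf1 a mx -all"):
        for ip in ("192.0.2.25", "203.0.113.7"):  # listed MX, unlisted host
            print(record, ip, verdict(record, ip, other_points=4))
```

With these assumed weights, a message that other checks scored at 4 is accepted from a listed host and rejected from an unlisted one under `?all`, while `-all` puts an unlisted host at the threshold on its own.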
Peter Eisentraut wrote:
> Dan Langille wrote:
>> These are inaccurate conclusions. SPF information helps to draw a
>> conclusion. Consider it a points system. Get so many points for a
>> might be, none for a definitely. Get enough points, you're spam.
>> SPF is most wisely used in conjunction with other information to
>> reach a conclusion.
>
> The whole thing is evil technology, as I have previously pointed out,
> which is a reason to boycott it. I regularly get my email blocked by
> other community members because of it.
>
> But the application you are describing here is equally stupid. You are
> saying that even though it is -- per SPF record -- OK to send
> @postgresql.org via other hosts, you get penalized in your scoring
> system for doing so. So in spite of *no* indication that some email is
> spam, you are (partially) rejecting it. What sense does that make?

Which is a far clearer way of saying what I just wrote in my current pre-coffee state!!

+1

/D

On Sat, Nov 18, 2006 at 03:41:03PM -0500, Dan Langille wrote:
> These are inaccurate conclusions. SPF information helps to draw a
> conclusion. Consider it a points system. Get so many points for a
> might be, none for a definitely. Get enough points, you're spam.
> SPF is most wisely used in conjunction with other information to
> reach a conclusion.

A bad conclusion, poorly supported by evidence that is costing everyone on the Internet.

The problem, in my view, with SPF is that it doesn't actually solve the authentication problem, _plus_ the costs it imposes are borne by _everyone other than_ the person whose behaviour SPF is supposed to be trying to prevent. Note that last bit: SPF is not free -- not even if you aren't using SPF but happen to perform ANY queries (and at least 2/5 of the Windows clients in the world do). But none of those costs are actually paid by the would-be spammer.

A

--
Andrew Sullivan | ajs@crankycanuck.ca
Users never remark, "Wow, this software may be buggy and hard to use, but at least there is a lot of code underneath."
--Damien Katz