lawless

SPF Rocks!


I just deployed SPF on my MTA. It was quite a lot of effort, but it's blocking *all* spam.

After about six months or so spammers will start publishing SPF records and RHSBLs will become necessary (I may go with a RHSWL myself). For the moment however, the results are spectacular!

My experience and the customizations I made can be found at http://archives.listbox.com/spf-discuss/current for those who might be interested.

I just deployed SPF on my MTA. It was quite a lot of effort, but it's blocking *all* spam.

This, by itself, is not very meaningful. Does it also not block legitimate mail?

Don't get me wrong. I like SPF (though I haven't implemented it, yet). But aren't there a *lot* of people who haven't published SPF records?


Turns out a nifty default rule can be established:

"v=spf1 a/24 mx/24 ptr -all".

This ACL works for about 80% of legitimate senders. I've configured SPF to apply this rule whenever an explicit SPF rule is absent. I've hand-coded 'fallback' records for the few critical correspondents that don't fit the above. I've even modified the 'Mail::SPF::Query' Perl module to convert "?all", "~all" and "+all" into "-all". This was because I got spammed by someone spoofing an Earthlink address and their record specifies "?all" at the end.

The most complex fallback and override records I've had to write were so SpamCop staff can send me e-mail in response to my occasional direct query. Anyone else sending me mail with an "[at]spamcop.net" envelope sender will get bounced though (including myself). JT should consider establishing a DNS server that validates SpamCop senders by their account name (via SPF's "exists" construct) rather than using the "v=spf1 ?all" that he has published.

I've also created (modified someone else's actually) an 'access.db' whitelist capability that lets me whitelist a handful of people I know who send me mail from SPF-broken places like sbcglobal.com (hosted by yahoo.com).

It's been extremely satisfying sitting here for the last two days watching spam getting constantly bounced in my 'sendmail' log window.

David
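
The policy selection described in the post above (default record when none is published, hand-coded fallbacks, and rewriting the final qualifier to "-all"), as an added Python example that is not part of the original post and is not the poster's modified Mail::SPF::Query code. The `FALLBACKS` table, the function names and the sample domains are assumptions made for illustration.

```python
import re

# Default record quoted in the post, applied when a domain publishes no SPF.
DEFAULT_RECORD = "v=spf1 a/24 mx/24 ptr -all"

# Hypothetical hand-coded fallback table (the post does not show its entries);
# the domain and address range here are constructed documentation values.
FALLBACKS = {"partner.example": "v=spf1 ip4:192.0.2.0/24 -all"}

# An "all" mechanism with an optional qualifier; bare "all" means "+all".
ALL_TERM = re.compile(r"^[+?~-]?all$", re.IGNORECASE)


def harden(record):
    """Rewrite +all, ?all, ~all (and bare all) to -all, as the post describes."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    # Only the "all" mechanism is rewritten; "a:all.example" or "exp=" terms
    # are left alone because the pattern is anchored on the whole term.
    return " ".join("-all" if ALL_TERM.match(t) else t for t in terms)


def effective_record(domain, txt_records):
    """Return (source, record) that the receiver evaluates for `domain`.

    txt_records is the list of TXT strings already looked up for the domain.
    """
    spf = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) > 1:
        return ("permerror", None)  # more than one SPF record is an error
    if spf:
        return ("published", harden(spf[0]))
    fallback = FALLBACKS.get(domain.lower())
    if fallback:
        return ("fallback", fallback)
    return ("default", DEFAULT_RECORD)


if __name__ == "__main__":
    # Constructed lookups: a neutral record, no record, a hand-coded domain.
    samples = {
        "isp.example": ["v=spf1 ip4:198.51.100.0/24 ?all"],
        "nospf.example": ["unrelated TXT value"],
        "partner.example": [],
    }
    for name, txt in samples.items():
        print(name, effective_record(name, txt))
```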
