[185550] in North American Network Operators' Group
Re: Uptick in spam
daemon@ATHENA.MIT.EDU (Colin Johnston)
Tue Oct 27 10:37:09 2015
X-Original-To: nanog@nanog.org
From: Colin Johnston <colinj@gt86car.org.uk>
In-Reply-To: <CALeqL2eHUuYWQajyrYFwOhPQkDyOigR0oh8XtzuwZCV+jbGO-w@mail.gmail.com>
Date: Tue, 27 Oct 2015 14:37:03 +0000
To: Ian Smith <ian.w.smith@gmail.com>
Cc: nanog@nanog.org, Rich Kulawiec <rsk@gsp.org>
Errors-To: nanog-bounces@nanog.org
hosted gmail did catch some of the spam but not all , into auto junk =
filter due to some of the weblinks were spammy
Colin
> On 27 Oct 2015, at 14:18, Ian Smith <ian.w.smith@gmail.com> wrote:
>=20
> I'm not making any argument about the relation of SPF compliance to =
message
> quality or spam/ham ratio. You are no doubt correct that at this =
point in
> the game SPF doesn't matter with respect to message quality in a =
larger
> context, because these days messages that are not SPF compliant will =
simply
> never arrive, and therefore aren't sent.
>=20
> I'm saying that SPF helps prevent envelope header forgery, which is =
what it
> was designed to do. The fact that NANOG isn't checking SPF (and it =
isn't,
> I tested) was exploited and resulted in a lot of spam to the list. =
This
> wasn't caught by receiving servers (like Gmail's, for example) because =
they
> checked mail.nanog.org against the nanog.org spf record, which checked =
out.
>=20
> You can argue that envelope header forgery is irrelevant, and that =
corner
> cases don't matter. But I think this latest incident provides a good
> counterexample that it does matter. And it's easy to fix, so why not =
fix
> it?
>=20
> -Ian
