You just need to be careful here. SPF is expensive (lots of overhead) so you should do as few SPF lookups as possible. A single SPF record could cause as many as 10 DNS lookups, so if you verify SPF more than once you're multiplying the DNS overhead (Yes, I know that the second, third, etc. lookups would be cached in your local caching DNS server, but it still has to make the mail server wait for the additional lookups even if they are a bit faster after the first one).

So as few modules as possible should be doing SPF lookups. The best way would be to have one module do it as early as possible and put a marker as an email header so other modules later on could see the results and act accordingly (I also know that the first module that was doing the actual SPF lookups would have to be sure there wasn't a spoofed header saying it passed SPF when it didn't, so it would have to remove any SPF headers and then do its lookups and then add its own header).

Just some thoughts on the subject...

Matt Kettler wrote:

> Matthias Scheler wrote:
>
>> On Fri, Apr 07, 2006 at 04:57:02PM +0200, Michael Menge wrote:
>>
>>> I think SPF (see www.openspf.org) may be a good idea to use.
>>
>> SPF is quickly becoming worthless because spammers register new domains,
>> create fine looking SPF records for their spam bot networks and start
>> delivering spam from them.
>
> Duh.. this is exactly what SPF is intended to do.. Force spammers to create
> their own domains instead of abusing existing ones.
>
> Anyone who thinks SPF is intended to stop spam is fooling themselves. SPF is an
> anti-forgery technology. This has some utility in fighting spam, but it isn't
> intended to stop spam.
>
> Also on the upside for the spam front, forcing spammers to create their own
> domains costs them money.
>
>> I'm currently using SPF for automatic white listing in Milter Greylist
>> and am seriously considering dropping it.
>
> You really should. IMHO, this is one of the most misconceived features of
> milter-greylist. Passing SPF is a horribly poor indication the message is in any
> way "good" from a spam perspective.
>
> In general the only thing you can treat with much credibility on the spam front
> is treating SPF failures as an indication the message is likely spam. Period.
>
> Really, milter-greylist should generalize SPF results into ACL rules, so we can
> all choose what to do at different SPF levels.
>
> This way we can do things like this:
>
> acl spf_softfail dark_greylist
> acl spf_fail blacklist
> acl default greylist
>
> which makes a lot more sense than the current use of SPF in milter-greylist.
>
> (Note: read the dark-grey thread for the idea behind dark_greylist)

-- 
----------------------------------
Dennis Willson
mailto:taz@...
http://www.taz-mania.com
Message
Re: [milter-greylist] new spam engines
2006-04-07 by Dennis Willson
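
The strip-then-stamp scheme from the message above, together with the per-result actions sketched in the quoted ACL proposal, as an added example that is not part of the original message and is not milter-greylist code. The function names, the `mx.example.net` receiver name and the result-to-action mapping are hypothetical; the SPF evaluation itself is assumed to have been done once by the first module and is passed in as `result`.

```python
import email

# Action names follow the ACL sketch quoted in the thread; the mapping is
# illustrative and is not a milter-greylist feature.
ACTIONS = {"softfail": "dark_greylist", "fail": "blacklist"}
DEFAULT_ACTION = "greylist"
RESULTS = {"pass", "fail", "softfail", "neutral", "none", "temperror", "permerror"}

def stamp_spf(raw, result, receiver):
    """First module: drop every inbound Received-SPF header, then prepend ours."""
    if result not in RESULTS:
        raise ValueError("unknown SPF result: %r" % result)
    msg = email.message_from_string(raw)
    del msg["Received-SPF"]  # removes all occurrences, in any letter case
    return "Received-SPF: %s receiver=%s;\n%s" % (result, receiver, msg.as_string())

def spf_result(raw, receiver):
    """Later modules: read the topmost Received-SPF header; no DNS lookups here."""
    values = email.message_from_string(raw).get_all("Received-SPF", [])
    if not values:
        return "none"
    tokens = values[0].replace(";", " ").split()
    # Only meaningful because stamp_spf() ran first and removed sender-supplied copies.
    if not tokens or "receiver=" + receiver not in tokens:
        return "none"
    return tokens[0].lower()

def action_for(raw, receiver):
    """Map the stamped result to an action; a pass earns no whitelisting."""
    return ACTIONS.get(spf_result(raw, receiver), DEFAULT_ACTION)

# Constructed sample: the sender forged a passing Received-SPF header.
SAMPLE = (
    "Received: from bot.example.org (192.0.2.7) by mx.example.net\n"
    "received-spf: pass receiver=mx.example.net;\n"
    "From: someone@example.com\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    stamped = stamp_spf(SAMPLE, "softfail", "mx.example.net")
    print(stamped)
    print(action_for(stamped, "mx.example.net"))
```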