Yahoo Groups archive

Milter-greylist


Spammers vs. SPF

2005-03-25 by Matthias Scheler

Hello,

a while ago Emmanuel Dreyfus predicted that SPF will become useless
quite quickly. Here is the proof:

Mar 23 18:11:41 *** sm-mta[22869]: j2NHBe7b022869: from=<Control-1066-82345335-Vis@...>, size=6349, class=0, nrcpts=1, msgid=<82345335.230305085833.1066@...>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=client230.beta-ca.bsm1mx.com [69.25.109.230]

And here the SPF records for the domain "eblue-cten.com":

eblue-cten.com  text = "v=spf1 ip4:69.25.109.0/24 ip4:72.5.1.0/24 ip4:208.184.55.0/25 ip4:64.125.188.0/25 ip4:64.125.87.0/24 -all"

It seems that SPF got useless even before it got widely adopted.

I guess I'll have to disable SPF support in my "greylist.conf" soon.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/

Re: [milter-greylist] Spammers vs. SPF

2005-03-25 by Emmanuel Dreyfus

On Fri, Mar 25, 2005 at 10:21:28AM +0000, Matthias Scheler wrote:
> And here the SPF records for the domain "eblue-cten.com":
> 
> eblue-cten.com  text = "v=spf1 ip4:69.25.109.0/24 ip4:72.5.1.0/24 ip4:208.184.55.0/25 ip4:64.125.188.0/25 ip4:64.125.87.0/24 -all"

Is it really a spammer? i.e.: it could be a legitimate MTA relaying some spam.
If I were a spammer, I'd just have +all in my SPF record.

-- 
Emmanuel Dreyfus
manu@...

Re: [milter-greylist] Spammers vs. SPF

2005-03-25 by Matt Kettler

Matthias Scheler wrote:

>	Hello,
>
>a while ago Emmanuel Dreyfus predicted that SPF will become useless
>quite quickly. Here is the proof:
>

As an anti-spam tool, SPF has been useless since the start anyway.
Fortunately, SPF isn't an anti-spam tool, it's an anti forgery tool.

Those who continue to fail to understand the difference between these
two concepts miss the point of SPF entirely.

>Mar 23 18:11:41 *** sm-mta[22869]: j2NHBe7b022869: from=<Control-1066-82345335-Vis@...>, size=6349, class=0, nrcpts=1, msgid=<82345335.230305085833.1066@...>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=client230.beta-ca.bsm1mx.com [69.25.109.230]
>
Since Emmanuel questioned if it was spam or not, I'll point out the
Spamhaus records
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL20650

>I guess I'll have to disable SPF support in my "greylist.conf" soon.
>  
>
I never enabled it. It seemed foolish as any spammer can just create an
SPF record allowing all IPs. If people start ignoring "ip4:0.0.0.0/32"
then they can always update it to "ip4:0.0.0.0/31 ip4:128.0.0.0/31"

Re: [milter-greylist] Spammers vs. SPF

2005-03-25 by Matthias Scheler

On Fri, Mar 25, 2005 at 01:37:22PM +0000, Emmanuel Dreyfus wrote:
> Is it really a spammer?

According to the recipient: yes.

> i.e.: it could be a legitimate MTA relaying some spam.

It looks much like a zombie spam PC behind a DSL line.

> If I were a spammer, I'd just have +all in my SPF record.

That would be too easy to catch.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/
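
As an added example that is not part of the original thread: a Python audit that measures how much IPv4 space a record's ip4 terms authorize, so that a record split across several ranges is caught the same way as +all. The function name, the 2**24-address threshold and the split-range sample record are assumptions; the first record is the one quoted in the thread.

```python
import ipaddress
import re

# Assumption (not from the thread): more than 1/256 of IPv4 space is "broad".
BROAD_THRESHOLD = 2**24

def audit_spf(record):
    """Return (networks, address_count, findings) for one SPF TXT string.

    Only '+' qualified ip4 terms and 'all' are evaluated, so the count is an
    upper bound on the directly listed IPv4 space. Terms that need DNS
    lookups (a, mx, include, exists, ptr, redirect=) are only reported.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    nets, findings = [], []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?")
        name = re.split(r"[:/=]", body, maxsplit=1)[0].lower()
        if name == "all":
            if qualifier == "+":
                findings.append("pass-all")
                nets = [ipaddress.ip_network("0.0.0.0/0")]
            break  # nothing after 'all' is ever evaluated
        if name == "ip4":
            if qualifier == "+":
                nets.append(ipaddress.ip_network(body[4:], strict=False))
        else:
            findings.append("unresolved:" + name)
    # Merge overlapping and adjacent ranges so split-up blocks are counted once.
    nets = list(ipaddress.collapse_addresses(nets))
    count = sum(n.num_addresses for n in nets)
    if count > BROAD_THRESHOLD:
        findings.append("broad-ip4")
    return nets, count, findings

# Record quoted in the thread for eblue-cten.com.
THREAD_RECORD = ("v=spf1 ip4:69.25.109.0/24 ip4:72.5.1.0/24 ip4:208.184.55.0/25 "
                 "ip4:64.125.188.0/25 ip4:64.125.87.0/24 -all")
# Constructed sample: the whole IPv4 space split into two halves.
SPLIT_RECORD = "v=spf1 ip4:0.0.0.0/1 ip4:128.0.0.0/1 -all"

if __name__ == "__main__":
    for rec in (THREAD_RECORD, SPLIT_RECORD, "v=spf1 +all"):
        nets, count, findings = audit_spf(rec)
        print(count, findings or "no findings")
```

The thread's record lists only 1024 addresses, including the relay 69.25.109.230 from the log line, so it raises no finding here. A breadth check catches catch-all records, but a narrow record published by the sender still passes SPF whatever the content of the mail.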
