[AusNOG] Disturbing new spam trend?

[Noel Butler]

On 08/10/2015 10:25, Ross Wheeler wrote:

>> 
>> SPF if setup correctly using hardfail would (should) have 550'd during 
>> initial connection from badguy, should not have been any backscatter 
>> generated.
> 
> I'm not sure I agree.
> Where mail has been accepted by (say) hotmail but then found to be
> undeliverable and bounces.... how does my friends mail server reject
> the bounce message?


I see your point, in that case, with great difficulty, because RFCs say 
never block them.

More of a question is why is hotmail generating backscatter, google 
groups used to generate backscatter, probably still does, I blocked them 
on this, my personal server few years ago, I'd never do that for others 
mail servers I manage unless they accept the risks, and of course no way 
could I do so on a public ISP server without causing problems, but maybe 
they've got their act together now, one would hope so.


> I'm not convinced ISPs can really run hardfail based entirely on SPF
> without causing unacceptable collateral damage.

It's run on many decent sized ISP's/Uni's around the world, you only 
have to follow certain other lists to see that, I've run it for, gawd, 
over a decade, I've run it on a couple previous employers ISP mail 
servers, and every mail server I've managed, with next to no complaints, 
but never dealt much with offsite forwardings where SPF may become an 
issue if the forwarding does not re-write sender, hell, even mailing 
lists are smart enough these days by doing that, this was however a 
problem with Microsofts attempt at their own SPF which checked froms, 
and so caused untold problems with lists, I guess thats why their 
version never took off.