nanog mailing list archives
Re: SPF Configurations
From: Sean Donelan <sean () donelan com>
Date: Mon, 7 Dec 2009 09:30:24 -0500 (EST)
On Sun, 6 Dec 2009, Bill Stewart wrote:
On Sun, Dec 6, 2009 at 2:56 PM, Sean Donelan <sean () donelan com> wrote:In particular, what anti-forgery/security controls should network operators implement and check; and what anti-forgery/security controls should network operators not implement or check?Depends a bit on whether you're counting inbound-mail-service operators as network operators.
Because this is NANOG, I was scoping it to be just layer 0 to 4. Leaving the application and above layer discussions to other places.I would love to know how the marketplace wants to handle "Official Mail," but I'm not expecting useful answers here.
As an end user who doesn't have an account at Bank of America, I'd be happy if bankofamerica.com used SPF records so my mail system could discard forged spam from them; that's much different than the kind of forgery prevention I want for my actual bank. (And obviously SPF isn't going to stop mail from bank0vamer1ca.cm etc., but it can cut down some of the noise and leave the rest for Spamassassin.)
Like most things, scaling is the only problem. Your Bank is different from My Bank, and His Bank and Her Bank, and so on. Throw in multiple middle-parties, i.e. the NSP, ISP, MSP, ESP, etc; and the problem becomes very difficult. And that's before adding the problem the real Your Bank (or their marketing partners, or their compromised PCs) may also send stuff you don't want.
Network operations probably aren't going to solve those problems. And lots of other places like to discuss them.
So instead, what things should network operators be expected to solve?If you can't trust routing, can you trust DNS? If you can't trust DNS, can you trust things using DNS? If you can't trust ???, can you trust ???
Current thread:
- RE: SPF Configurations, (continued)
- RE: SPF Configurations Jeffrey Negro (Dec 04)
- Re: SPF Configurations Bret Clark (Dec 04)
- Re: SPF Configurations James Bensley (Dec 04)
- Re: SPF Configurations John Levine (Dec 04)
- AW: SPF Configurations Andre Engel (Dec 04)
- Re: AW: SPF Configurations John R. Levine (Dec 04)
- AW: AW: SPF Configurations Andre Engel (Dec 05)
- Re: SPF Configurations Bret Clark (Dec 04)
- Re: SPF Configurations Lars Eggert (Dec 04)
- Re: SPF Configurations Sean Donelan (Dec 06)
- Re: SPF Configurations Bill Stewart (Dec 06)
- Re: SPF Configurations Sean Donelan (Dec 07)
- Re: Official Mail, was SPF Configurations John Levine (Dec 07)
- RE: SPF Configurations Jeffrey Negro (Dec 04)
- Re: SPF Configurations Michael Holstein (Dec 07)
- Re: SPF Configurations Douglas Otis (Dec 07)
- Re: SPF Configurations Suresh Ramasubramanian (Dec 07)
- Re: SPF Configurations Tony Finch (Dec 08)
- Re: SPF Configurations Suresh Ramasubramanian (Dec 08)
- Re: SPF Configurations Michael Holstein (Dec 08)
- Re: SPF Configurations Tony Finch (Dec 08)
- RE: SPF Configurations Jeffrey Negro (Dec 04)