Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: Help

Question about SPF being used to help a spammer

 

 

SPF help RSS feed   Index | Next | Previous | View Threaded


beth.morgan at connectnc

Jan 23, 2009, 12:50 PM

Post #1 of 10 (3093 views)
Permalink
Question about SPF being used to help a spammer

Hi -

I work at an ISP, where we have a hosting customer asking us to add an
SPF record to his DNS zone file. I looked up the organization which
was telling him about SPF and found some info that makes me afraid
he's just going to start spamming people.

On their web site, they have articles like this:
SPF Records: The Key to Email Marketing Success
which claims such things as, "Adding an SPF is an easy, one-time fix
that can give your message a potential VIP pass into your customers'
inbox."

Well, in the past, this customer has bought mailing lists and tried to
use them to send out UCE. Here's the SPF record he wants us to add.
Not having used SPF before, I want to be sure that I'm not letting him
use out DNS to somehow legitimize a possible effort to send out UCE.

IN TXT "v=spf1 mx ip4: me-ss2-v2tfzw.mailengine1.com ip4: 111.111.11.1
-all"

When I googled mailengine1.com, there seemed to be a lot of references
to spam. When I did a whois, it led back to streamsend.com.

Would you go ahead and add this SPF record? Am I just being paranoid?

Thanks,
Beth


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


spf at beer

Jan 23, 2009, 12:57 PM

Post #2 of 10 (2993 views)
Permalink
Re: Question about SPF being used to help a spammer [In reply to]

> On their web site, they have articles like this:
> SPF Records: The Key to Email Marketing Success
> which claims such things as, "Adding an SPF is an easy, one-time fix
> that can give your message a potential VIP pass into your customers'
> inbox."

That sounds like a bit of over-selling to me...

> Here's the SPF record he wants us to add.

> IN TXT "v=spf1 mx ip4: me-ss2-v2tfzw.mailengine1.com ip4: 111.111.11.1
> -all"

The MX for the domain, and IP address belonging to someone in California,
and another to someone in Australia.

It does look somewhat suspicious, but that's all really.

> Would you go ahead and add this SPF record?

Yep.

> Am I just being paranoid?

A little.

SPF is about preventing forgery - that's all it's about. Any correlation
with anti-spam efforts is merely a happy coincidence.

So if this guy is going to be spamming from his own domain only, he'll be
pretty easy to block. Evil as spam is, it's better when it's not forging
innocent domains...

Vic.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


lennon at orcon

Jan 23, 2009, 1:05 PM

Post #3 of 10 (2987 views)
Permalink
Re: Question about SPF being used to help a spammer [In reply to]

On Fri, 2009-01-23 at 15:50 -0500, Beth Morgan wrote:
> Hi -
>
> I work at an ISP, where we have a hosting customer asking us to add an
> SPF record to his DNS zone file. I looked up the organization which
> was telling him about SPF and found some info that makes me afraid
> he's just going to start spamming people.
>
> On their web site, they have articles like this:
> SPF Records: The Key to Email Marketing Success
> which claims such things as, "Adding an SPF is an easy, one-time fix
> that can give your message a potential VIP pass into your customers'
> inbox."
>
> Well, in the past, this customer has bought mailing lists and tried to
> use them to send out UCE. Here's the SPF record he wants us to add.
> Not having used SPF before, I want to be sure that I'm not letting him
> use out DNS to somehow legitimize a possible effort to send out UCE.
>
> IN TXT "v=spf1 mx ip4: me-ss2-v2tfzw.mailengine1.com ip4: 111.111.11.1
> -all"
>
> When I googled mailengine1.com, there seemed to be a lot of references
> to spam. When I did a whois, it led back to streamsend.com.
>
> Would you go ahead and add this SPF record? Am I just being paranoid?
>

SPF doesn't indicate that email is not spam.

All it indicates is that email came from the right place and if it
didn't then reject or treat as spam depending on your policy.

If the email came from the correct place as listed in the SPF record
then this SHOULD NOT be used for any weighting for the email being non
spam (ham)

I would say that this company is mis-representing how SPF works and
should get hung and if anyone is using SPF records to weight email as
non spam if the SPF record matches where it came from should be shot as
well.

http://www.streamsend.com/news13.htm

I think Neil Anuskiewicz should be shot..


Thanks
Craig




-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


scott at kitterman

Jan 23, 2009, 1:27 PM

Post #4 of 10 (2983 views)
Permalink
Re: Question about SPF being used to help a spammer [In reply to]

On Sat, 24 Jan 2009 10:05:58 +1300 Craig Whitmore <lennon [at] orcon>
wrote:
>On Fri, 2009-01-23 at 15:50 -0500, Beth Morgan wrote:
>> Hi -
>>
>> I work at an ISP, where we have a hosting customer asking us to add an
>> SPF record to his DNS zone file. I looked up the organization which
>> was telling him about SPF and found some info that makes me afraid
>> he's just going to start spamming people.
>>
>> On their web site, they have articles like this:
>> SPF Records: The Key to Email Marketing Success
>> which claims such things as, "Adding an SPF is an easy, one-time fix
>> that can give your message a potential VIP pass into your customers'
>> inbox."
>>
>> Well, in the past, this customer has bought mailing lists and tried to
>> use them to send out UCE. Here's the SPF record he wants us to add.
>> Not having used SPF before, I want to be sure that I'm not letting him
>> use out DNS to somehow legitimize a possible effort to send out UCE.
>>
>> IN TXT "v=spf1 mx ip4: me-ss2-v2tfzw.mailengine1.com ip4: 111.111.11.1
>> -all"
>>
>> When I googled mailengine1.com, there seemed to be a lot of references
>> to spam. When I did a whois, it led back to streamsend.com.
>>
>> Would you go ahead and add this SPF record? Am I just being paranoid?
>>
>
>SPF doesn't indicate that email is not spam.
>
>All it indicates is that email came from the right place and if it
>didn't then reject or treat as spam depending on your policy.
>
>If the email came from the correct place as listed in the SPF record
>then this SHOULD NOT be used for any weighting for the email being non
>spam (ham)
>
>I would say that this company is mis-representing how SPF works and
>should get hung and if anyone is using SPF records to weight email as
>non spam if the SPF record matches where it came from should be shot as
>well.
>
>http://www.streamsend.com/news13.htm
>
>I think Neil Anuskiewicz should be shot..
>
So spammers publishing SPF records makes them easier to find. I would let
concerns about what they're going to send prevent you from publishing the
record.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


gcerullo at pixelpointstudios

Jan 23, 2009, 1:30 PM

Post #5 of 10 (2992 views)
Permalink
Re: Question about SPF being used to help a spammer [In reply to]

On 23-Jan-09, at 3:50 PM, Beth Morgan wrote:

> Hi -
>
> I work at an ISP, where we have a hosting customer asking us to add
> an SPF record to his DNS zone file. I looked up the organization
> which was telling him about SPF and found some info that makes me
> afraid he's just going to start spamming people.
>
> On their web site, they have articles like this:
> SPF Records: The Key to Email Marketing Success
> which claims such things as, "Adding an SPF is an easy, one-time fix
> that can give your message a potential VIP pass into your customers'
> inbox."
>
> Well, in the past, this customer has bought mailing lists and tried
> to use them to send out UCE. Here's the SPF record he wants us to
> add. Not having used SPF before, I want to be sure that I'm not
> letting him use out DNS to somehow legitimize a possible effort to
> send out UCE.
>
> IN TXT "v=spf1 mx ip4: me-ss2-v2tfzw.mailengine1.com ip4:
> 111.111.11.1 -all"
>
> When I googled mailengine1.com, there seemed to be a lot of
> references to spam. When I did a whois, it led back to
> streamsend.com.
>
> Would you go ahead and add this SPF record? Am I just being paranoid?


Beth,

What you can tell your customer is that what they provided is not a
valid SPF policy (record) and it will result in a 'Permanent Error'
and that you will only post a valid and correct SPF policy.

If they don't believe you, you can send them to the address below to
verify it.

http://www.kitterman.com/spf/validate.html

Other than that, I can't tell you how to run your business but if any
of my customers were sending out UCE and I could prove it or if it
disrupted the service of my other customers then I would get rid of
that customer without losing any sleep over it.

--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


gcerullo at pixelpointstudios

Jan 23, 2009, 1:50 PM

Post #6 of 10 (2995 views)
Permalink
Re: Question about SPF being used to help a spammer [In reply to]

On 23-Jan-09, at 4:05 PM, Craig Whitmore wrote:

> SPF doesn't indicate that email is not spam.
>
> All it indicates is that email came from the right place and if it
> didn't then reject or treat as spam depending on your policy.
>
> If the email came from the correct place as listed in the SPF record
> then this SHOULD NOT be used for any weighting for the email being non
> spam (ham)
>
> I would say that this company is mis-representing how SPF works and
> should get hung and if anyone is using SPF records to weight email as
> non spam if the SPF record matches where it came from should be shot
> as
> well.
>
> http://www.streamsend.com/news13.htm
>
> I think Neil Anuskiewicz should be shot..


Sorry Craig,

I've read the article that Neil wrote and I can't see anything wrong
with it. If anything, he's encouraging and promoting the use of SPF.
Nothing wrong with that. It's not like he's saying that spammers
should get themselves an SPF policy to ensure that their junk mail
gets delivered. He's just suggesting that email marketers add an SPF
policy to better the chances that their email gets delivered. Of
course, that's debatable but who cares. If everyone had a valid SPF
policy it just makes it easier to identify and block the bad guys.

Remember, not all marketing email is SPAM!


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6

416-247-7740



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


jkirkwood at kclinfo

Jan 25, 2009, 2:20 PM

Post #7 of 10 (2965 views)
Permalink
RE: Question about SPF being used to help a spammer [In reply to]

Hi Beth,

Sorry to contradict Vic, but it seems to me that you, as a responsible (and
increasingly liable) ISP, should not permit any configuration on your
servers that is not legitimate.

If you have any concerns over the requested SPF record (and your client's
history suggests that you have already considered cancelling their account)
then I would seek verification that the client does not intend to send spam
(whether or not the SPF will actually help them in this endeavour).

In the meantime, I would recommend not setting the spf record on principle
(most legitimate requests take long enough to get processed - if your client
is 'innocent' then you can set it once they have justified their request).

Best regards,
John Kirkwood

-----Original Message-----
From: Vic [mailto:spf [at] beer]
Sent: 23 January 2009 21:57
To: spf-help [at] v2
Subject: Re: [spf-help] Question about SPF being used to help a spammer


> On their web site, they have articles like this:
> SPF Records: The Key to Email Marketing Success which claims such
> things as, "Adding an SPF is an easy, one-time fix that can give your
> message a potential VIP pass into your customers'
> inbox."

That sounds like a bit of over-selling to me...

> Here's the SPF record he wants us to add.

> IN TXT "v=spf1 mx ip4: me-ss2-v2tfzw.mailengine1.com ip4: 111.111.11.1
> -all"

The MX for the domain, and IP address belonging to someone in California,
and another to someone in Australia.

It does look somewhat suspicious, but that's all really.

> Would you go ahead and add this SPF record?

Yep.

> Am I just being paranoid?

A little.

SPF is about preventing forgery - that's all it's about. Any correlation
with anti-spam efforts is merely a happy coincidence.

So if this guy is going to be spamming from his own domain only, he'll be
pretty easy to block. Evil as spam is, it's better when it's not forging
innocent domains...

Vic.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org Modify Your Subscription:
http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

<!D2S:heatherbr [at] kclinfo/good/68671a36/>




-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


spf at beer

Jan 27, 2009, 2:00 AM

Post #8 of 10 (2948 views)
Permalink
RE: Question about SPF being used to help a spammer [In reply to]

> Sorry to contradict Vic, but it seems to me that you, as a responsible
> (and
> increasingly liable) ISP, should not permit any configuration on your
> servers that is not legitimate.

I'm not sure you've actually thought this through - that reads very much
like an emotive response, not a rational one.

An SPF record for a domain *is* legitimate - whatever the user ends up
using the domain for.

Restricting the checking of SPF just because you don't like someone is not
going to help anyone - expecially not us.

> If you have any concerns over the requested SPF record (and your client's
> history suggests that you have already considered cancelling their
> account)
> then I would seek verification that the client does not intend to send
> spam

Whether or not they intend to send spam is an entirely separate issue - if
they're spammers, they should be terminated, whatever the status of their
DNS records.

> (whether or not the SPF will actually help them in this endeavour).

Never mind whether or not it will help them - it will help *us*. Even if
this guy does end up being a spammer, by using his own domain to send
spam, it becomes very much easier to block his spam.

> In the meantime, I would recommend not setting the spf record on principle

And I would recommend the exact opposite. Spam would not be nearly the
problem it is if people were to use their own domains only. It is the
forgers that make things especially difficult.

> (most legitimate requests take long enough to get processed - if your
> client
> is 'innocent' then you can set it once they have justified their request).

Setting up an SPF record takes an hour or so to be propagated around the
world...

Vic.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


vesely at tana

Jan 27, 2009, 2:47 AM

Post #9 of 10 (2950 views)
Permalink
Re: Question about SPF being used to help a spammer [In reply to]

Vic wrote:
>> Sorry to contradict Vic, but it seems to me that you, as a
>> responsible (and increasingly liable) ISP, should not permit any
>> configuration on your servers that is not legitimate.
>
> An SPF record for a domain *is* legitimate - whatever the user ends
> up using the domain for.

I'm not sure whether John meant the use of the 111.111.11.1 address.

I don't think an ISP should wittingly insert DNS records that are
either syntactically or semantically wrong. By the same argument, an
ISP for mailengine should refuse to insert, say,

mailengine1.com IN MX 10 mailin-01.mx.aol.com

unless the third party has confirmed they agree.

Just my 2c.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


beth.morgan at connectnc

Jan 27, 2009, 7:31 AM

Post #10 of 10 (2952 views)
Permalink
Re: Question about SPF being used to help a spammer [In reply to]

Thanks everyone, for such a good discussion on this.

On Jan 27, 2009, at 5:47 AM, Alessandro Vesely wrote:
>
>
> I don't think an ISP should wittingly insert DNS records that are
> either syntactically or semantically wrong. By the same argument, an
> ISP for mailengine should refuse to insert, say,
>
> mailengine1.com IN MX 10 mailin-01.mx.aol.com
>
> unless the third party has confirmed they agree.
>
> Just my 2c.

This is another point that makes perfect sense. I don't think I will
be making the change to the zone file. We've all agreed here that we
won't be bothered if he takes his hosting elsewhere either.

Thanks,
Beth


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

SPF help RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.