North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Misguided SPAM Filtering techniques

  • From: William Herrin
  • Date: Sun Oct 21 22:13:47 2007
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=8KtP2BJaOG4q05ER1A674IkjQ2aD3dYRJJCrdEYqYEE=; b=SNnNsHzEsJ8Ga/Vut6fYMFu4GM/3RZFcoszclAx9qsUPo6y9an6RGzVeRyeYBnmHvBzg0ESp5lnIebIxAbsh+/tLmMNO9jY/R1AYS8kHzfWKiQA3OCLr4R3navRLIZp9JKI3xQbrPm/wuBJkmssoBenGPaznhw8Yd8GTfGrM16Y=
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=beta; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=OX8NVGnKPYnjFnaDXy4U5hyF3a25+z50AqZBzhqDhY64gdi8RKay2fkRXWkv1OFcyeRAq8S/rqqsYjr9fSNTY7NhM+a3IYzB+0nuXEnwOSoyuJu7etDwhkz42aTpLOb28otIGZkIvbhEcNq6XiA8+pR4mBKbs/ipVH4vq5wH05Y=

On 10/21/07, D'Arcy J.M. Cain <[email protected]> wrote:
> If something comes that is not whitelisted then email is sent
> back asking you to confirm that it is not spam.  I received one of these
> confirmation requests for a piece of spam that I did not send out.  I
> complained to them that this was not being a good neighbour.  While I
> sympathize with their spam problem I did not appreciate that they
> turned it into my problem.


Do you publish SPF records so that remote sites can detect forgeries
claiming to be from your domain?

If so, shame on them. Enough is known about the forgery problem at
this point that there's little excuse for autoresponse to a detectably
forged message.

If not, shame on you. You do realize that section 3.7 of RFC 2821
requires their server to notify the sender if they can't deliver the
message, right? Find the paragraph that starts, "If an SMTP server
has..." Just because a lot of spam filters break the RFC and just drop
the message on the floor doesn't mean its the proper thing to do.

Like the fence around your backyard swimming pool, you should have an
SPF record for your domain. Otherwise it may become an attractive
nuisance. That would be your fault.

Bill Herrin

William D. Herrin                  [email protected]  [email protected]
3005 Crane Dr.                        Web: <>
Falls Church, VA 22042-3004