Jay and all, just chiming in here. In general I agree with you Jay. Still not having a SPF record properly specified should be 'One' check that should make folks suspicious yet not necessarly qualifying them as prolific spam originator. Just my 2 cents, FWIW. Regards, Jeffrey A. Williams Spokesman for INEGroup LLA. - (Over 300+k members/stakeholders and growing, strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1(a)ix.netcom.com Phone: 214-244-4827 -----Original Message-----
From: Jay Daley
Sent: Jul 22, 2010 4:33 PM To: nznog Subject: Re: [nznog] SPF Mail rejection On 22/07/2010, at 6:10 PM, SIMON WALKDEN wrote:
I've seen a lot of clients' outbound mail rejected in the last 12 months due to SPF issues; particularly mail being delivered to secureMX, or Xtra. The plan of attack was usually:
1. do they appear on any RBL's? (self explanatory, I know, just thought I'd list it) 2. does the HELO ID of their server match the MX record for the domain? 3. does the MX record (and HELO ID) contain the terms 'smtp' or 'mail'? (strange I know, but it's made a difference)
In what way does it make a difference?
4. does a PTR record exist for the mail server's FQDN? 5. does the domain have a valid SPF record?
If all these criteria are met, you really shouldn't have any problems passing go & collecting $200.
I would love to be able to use HELO/EHLO when deciding what to accept but my own testing shows far too many false positives. A few years ago and in another role I saw: http://blog.nominet.org.uk/tech/2005/08/06/incorrect-heloehlo-information-is... but I've seen similar problems recently when I last looked.
I suspect we need a "Strict HELO/EHLO Day" where enough of the world's sysadmins unite to put strict settings on what they accept to force those with crap in their HELO/EHLO to do something about it.
Jay
Love, Simon W
On 22 July 2010 17:22, Mark Wakefield
wrote: On 22/07/10 16:36, Regan Murphy wrote:
It appears that safegas.co.nz have their mail configured to come via hosts.net.nz, and their on-premise mail server is enforcing SPF which should break for anyone sending them email.
MX records for domain safegas.co.nz Your 1 MX records are: 10 mta.hosts.net.nz ip=210.48.108.65
mail.safegas.co.nz is W3's server (rua.w3host.co.nz) so they're going to be the ones to sort it out.
W3 should also look at putting a firewall in front of that server...
Mark _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
-- "Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam." _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
-- Jay Daley Chief Executive .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 931 6977 mobile: +64 21 678840
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog