cancel
Showing results for 
Search instead for 
Did you mean: 

Implement Sender Policy Framework

N/A

Implement Sender Policy Framework

I'm getting bucket loads of "Failure Notice" emails bouncing emails supposedly sent from my plus net account - all forged headers. Apparantly someone who I have had email contact with has a "spam zombie" on board.

As I understand it, if PlusNet were to implement SPF (Sender Policy Framework) by adding extra TXT entries to its DNS servers, and checking the SPF records of mail servers sending mail to PlusNet, that this could significantly reduce the amount of email traffic with forged PlusNet headers that can circulate - to the benefit of everyone.

How about it? AOL can manage it - surely PlusNet can too.

More info at http://spf.pobox.com

Thanks, DJ
10 REPLIES
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Implement Sender Policy Framework

See [Idea 2517] SPF (Sender PErmitted From) - ACCEPTED

This has been an open idea for many years now. PN did state they were going to implement it but so far no progress has been made or any idea when/if it will be implemented.
Community Veteran
Posts: 1,817
Thanks: 11
Registered: 30-07-2007

Implement Sender Policy Framework

This problem has started for me in only the last 2 to 3 weeks. I have set up filters, in outlook, to get rid of the mails, but I agree that if this is something that can be reduced or stoped relatively easily then I'm in support.

please plusnet make the changes.

A
prichardson
Grafter
Posts: 1,503
Registered: 05-04-2007

Implement Sender Policy Framework

Hi,

I am not sure you quite understand how SPF works.

SPF is not a magic solution that is suddenly going to see you with less spam. For from it.

If anything, it is going to be a cause of increased bounce messages.

SPF is also a voluntary system. So short of blocking any email without a SPF record, it's going to reduce spam by only a fraction.

As SPF use is very low at this time, such a block would see over 50% of the internet blocked from sending you email.

Kind Regards,
Community Veteran
Posts: 1,817
Thanks: 11
Registered: 30-07-2007

Implement Sender Policy Framework

cheers thanks for the advice. I wish there was someway thought I could block e-mail comming through to specific accounts that don't reside on my domain.

My domain is close to that of a Major UK House Builder and 2 or 3 people at the company have sticky fingers when submitting their address to websites. The result is I end up with mail for ggg@,ydomain.co.uk instear od ggg@housebuilderdomain.co.uk

A
N/A

Why is PN so loathe to provide info about SPF?

Naturally as SPF is a voluntary thing it would take a while for people to add sender ID to their DNS, but is that a good enough reason not to start?

I've had thousands of bounced spoof email bombarding me for months - tonight I set up the SPF record and the latest attack fizzled out after only 5 bounces!!!

Admittedly my SPF record does not work perfectly as I need more information about IP addresses of the PN servers which relay my mail - but this is something PN could easily supply in a member area which would allow people to experiment with SPF records for themselves. Why does PN not even mention it in the FAQ?

I recommend others to give it a try - have a look at: http://www.openspf.org/wizard.html
N/A

Re: Why is PN so loathe to provide info about SPF?

Quote

I've had thousands of bounced spoof email bombarding me for months - tonight I set up the SPF record and the latest attack fizzled out after only 5 bounces!!!

It does seem to make a difference. About April time one of my domains was hijacked by a spammer, and I had to field about 10,000 bounces! I implemented SPF and the most recent hijack barely made a dent in me - for major ISPs, especially in the US, they do seem to take notice of it.

I've now also added Domain Keys to my domains, also, to further strengthen my credentials.
N/A

Plus Net support say " We do not support SPF records&qu

As mentioned above, my initial attempt at setting up an SPF record seemed helpful in slowing forged mail, but the record wasn't working properly for mail I wanted to send. The domain is with 123-reg so I was able to alter the DNS, but as the mail I send is relayed through Plus.net I need to know details of their mailservers to put in the SPF record for my mail to be authenticated. I raised a ticket and got the following unhelpful reply:

"We cannot provide a list [of mailserver IP addresses or similar] as this may well change at any time. We do not support SPF records, so I'm sorry, but it's unlikely what you're trying to do is possible."

Thanks very much Plus Net!! Since implementing a sender ID policy has been agreed in principle - see Idea 2517 referred to in a previous post in this list - why am I being told the opposite? I wasn't asking them to add anything to my PN DNS - just to give me the information necessary to set up an SPF that would work with relayed mail. I feel so irritated I'm tempted to move to another ISP.

Meanwhile a renewed spoof attack sent 2500 bounced spam to me yesterday. As the original SPF did not work satisfactorily I had already changed email addresses and instead set the SPF for the problem domain to say it didn't send mail - so the bounced messages all failed and in time I'm sure the spammers will remove me from their lists.

But what is the point of PlusNet forwarding thousands of bounced messages rather than implementing a policy that would help? Since a growing number of subscribers are wrestling with this problem it's about time PlusNet actually listened and provided a more responsive service. Otherwise people like me will vote with their credit cards and go elsewhere!
N/A

Implement Sender Policy Framework

And surely not accepting all this rubbish mail would help reduce the load on the BT Centrals they keep telling us about being too busy!
N/A

Implement Sender Policy Framework

I do hope that PlusNet don't end up going down the same path that NTL did (one of the major reasons why I left NTL).

NTL adopted a policy of blocking all incoming emails from domains listed in the SORBS mailserver list (and possibly other RBLs too). That's fine if it only blocks spam, but inevitably it ends up blocking some legitimate email too. NTL provided no opt-out mechanism, so I was stuck for a long time unable to receive important email from a certain source.

The biggest problem with this situation is that there is no accountability about the way these RBLs are run, and the people who suffer by not getting the emails they want have absolutely no power to get things sorted out.
N/A

Implement Sender Policy Framework

An interesting thread, seems to have been a bit dormant for a while. Some thoughts for how SPF works from the other side:

I tried to set up a SPF record for my own domain, partially to help me filter out spammers trying to mail me spam at my domain.

As I use Plusnet's relay send out mail (to get around the fact that AOL blocks mail from ADSL addresses), I would have to include Plusnet as a legitimate source of mail for my domain. However, as Plusnet haven't set up any SPF info for their domain, my SPF record fails with a permanent error.

I can understand Plusnet's reluctance to implement SPF to block incoming mail, but certainly this shouldn't stop Plusnet from setting up an SPF record for their own relays. This would allow recipient SMTP servers (those who choose to use SPF) to validate mail sent through Plusnet's relays, and in turn would increase the take-up of SPF on the internet. All this would take is some admin overhead to ensure that all mail relay DNS names are included in their SPF account.

Any thoughts?