Uptick in spam

anthony kasza anthony.kasza at gmail.com
Tue Oct 27 14:37:20 UTC 2015

22 emails later (only counting this thread)...

Can someone with the proper privileges confirm they have the spam under
control? I think any solution would be acceptable at this point. If you all
would like to debate the pros/cons of different spam filtering theories
after the spam has subsided, I don't mind but let's safeguard the
infrastructure before we start using it again.

On Oct 27, 2015 7:20 AM, "Ian Smith" <ian.w.smith at gmail.com> wrote:

> I'm not making any argument about the relation of SPF compliance to message
> quality or spam/ham ratio.  You are no doubt correct that at this point in
> the game SPF doesn't matter with respect to message quality in a larger
> context, because these days messages that are not SPF compliant will simply
> never arrive, and therefore aren't sent.
> I'm saying that SPF helps prevent envelope header forgery, which is what it
> was designed to do.  The fact that NANOG isn't checking SPF (and it isn't,
> I tested) was exploited and resulted in a lot of spam to the list.  This
> wasn't caught by receiving servers (like Gmail's, for example) because they
> checked mail.nanog.org against the nanog.org spf record, which checked
> out.
> You can argue that envelope header forgery is irrelevant, and that corner
> cases don't matter.  But I think this latest incident provides a good
> counterexample that it does matter.  And it's easy to fix, so why not fix
> it?
> -Ian

More information about the NANOG mailing list