Uptick in spam
anthony.kasza at gmail.com
Tue Oct 27 14:37:20 UTC 2015
22 emails later (only counting this thread)...
Can someone with the proper privileges confirm they have the spam under
control? I think any solution would be acceptable at this point. If you all
would like to debate the pros/cons of different spam filtering theories
after the spam has subsided, I don't mind but let's safeguard the
infrastructure before we start using it again.
On Oct 27, 2015 7:20 AM, "Ian Smith" <ian.w.smith at gmail.com> wrote:
> I'm not making any argument about the relation of SPF compliance to message
> quality or spam/ham ratio. You are no doubt correct that at this point in
> the game SPF doesn't matter with respect to message quality in a larger
> context, because these days messages that are not SPF compliant will simply
> never arrive, and therefore aren't sent.
> I'm saying that SPF helps prevent envelope header forgery, which is what it
> was designed to do. The fact that NANOG isn't checking SPF (and it isn't,
> I tested) was exploited and resulted in a lot of spam to the list. This
> wasn't caught by receiving servers (like Gmail's, for example) because they
> checked mail.nanog.org against the nanog.org spf record, which checked
> You can argue that envelope header forgery is irrelevant, and that corner
> cases don't matter. But I think this latest incident provides a good
> counterexample that it does matter. And it's easy to fix, so why not fix
More information about the NANOG