On 20201008, at 15:53, Markus Wild swinog-list@dudes.ch wrote:
Hey Jeroen,
SPF is only a part of a solution to the battle of spam.
SPF isn't suited to combat SPAM at all (including the whole other DKIM etc enchilada), since it's quite trivial for spammers to define these records correctly in throwaway domains.
Notice the word "part" above, there are many ways to combat spam, and most are not 100% effective.
Even the closed gardens of the big tech corporations with their millions is not even, heck they are a large source of spam...
Thus, no reasonable spam filter can honour (in a positive way) the presence of an SPF record, they can only punish the connection if there is an SPF record and the connection is in violation of that record. The really only benefit you could get from SPF is some kind of antispoofing protection, but at least in my experience, that is hardly ever a real problem to begin with
It completely stops 'simple attacks' though: hijack/bot a box and spew crap from a random domain and that solves a lot of phishing attempts also with the real domain (does not solve anything like registering a lookalike domain etc though, or just uninformed users).
That is actually most of the nonsense happening in the world and takes care of every host that is not properly configured. And that is the goal of SPF, and also DKIM and also DMARC.
True spammers (read: advertising) are professional organisations and indeed can setup that infrastructure completely without issue.
Thus nothing really works against that as they have more resources and legal constructions to avoid any persecution.
See also the other messages on the list about Rocket Mail and of course this cool GDPR / DSVGO thing.
It helps a lot to combat broken setups.
If a setup is broken, they are not worthy of receiving mail in the first place.
Thus, if you hate on SPF, I can only conclude you have shot yourself in the foot a lot with it.
No, I hate SPF because it breaks basic SMTP relaying, or in more enduser speak: redirected mails.
Rewrite the mail (e.g SRS-style), DKIM sign it, setup proper SPF and voila, it all works fine. Systems I take care of literally send millions of mails that way without issue. (See also http://lists.swinog.ch/public/swinog/2020-August/007358.html)
SMTP Relaying would involve MXs that authorize eachother to accept mail.
You are simply forwarding/redirecting, and the source is not the anymore where it originally came from nor did they give you permission to do so. As such, rewrite the From as you are not that the original sender.
Greets, Jeroen