OT: Why use softfail in SPF record?

Discussion in 'Windows Small Business Server' started by Gregg Hill, Oct 1, 2007.

  1. Gregg Hill

    Gregg Hill Guest

    Hello!

    I have noticed a few phishing attempts trapped in the IMF on my SBS 2003 SP1
    server with Exchange SP2, and some that got through, that claim to be from
    some rather major domain names (banks, auction sites). When I look up to see
    if they have an SPF record, they all have the softfail "~all" at the end of
    their SPF records instead of the "-all" hardfail tag.

    It seems a waste of time to have an SPF record if one is not going to set it
    to hardfail on a spoof attempt. Why not just use the "-all" at the end?

    What am I missing?

    Gregg Hill

    --
    ----------------

    DISCLAIMER WARNING: the information contained in any reply I make is merely
    an OPINION, one that I hope you will consider when you make a choice as to
    what you will do on your systems or network.

    **No recommendation is to be implied by my OPINION.**

    There, that should cover it!
     
    Gregg Hill, Oct 1, 2007
    #1

  2. Gregg Hill

    Gregg Hill Guest

    Leythos,

    I understand your points, but my question was more towards the point that if
    one is going to set up an SPF record for one's domain, why not have the
    "-all" hard fail instead of the "~all" soft fail. I mean, if one goes to the
    trouble of setting up an SPF record in order to prevent spoofing of one's
    domain (provided the receiving system checks SPF records), why bother with
    SPF at all if one is not going to hard fail it when spoofed?

    It does not make sense to me why such major domains would put in a soft fail
    rather than a hard fail when their domains get spoofed.

    If they had a hard fail "-all" in their records, then my server could block
    all spoofed mail purporting to be from their domains. Right, it lets it
    through because their SPF records are set to soft fail.

    Gregg Hill

     
    Gregg Hill, Oct 1, 2007
    #2

  3. That these organisations don't necessarily actually know that they've
    identified all their outbound mail servers.

    If they have missed any while setting up the SPF record, and they set it
    for -all ("this list is definitive"), they'll get a ton of undeliverable
    mail. If instead they opt for ~all, their outbound mail will continue to
    flow.

    A really good anti-garbage filtering system will use SPF results to
    influence further testing. The IMF does not fall into that category, as
    it's only a basic filtering tool.
     
    Steve Foster [SBS MVP], Oct 1, 2007
    #3
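
The trade-off described in reply #3, as an added example that is not part of any post in this thread: a minimal evaluator for the ip4/ip6/all terms of an SPF record, plus a hypothetical receiver policy in which the SPF result adjusts a content-filter score. The records, addresses, weights and the names spf_result and receiver_action are constructed for illustration; include, a and mx terms are skipped because they need DNS lookups.

```python
import ipaddress

# RFC 7208 qualifier -> result returned when a mechanism matches
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, sender_ip):
    """Evaluate only ip4/ip6/all terms (include, a, mx need DNS and are skipped)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched

def receiver_action(result, content_score, reject_at=5):
    """Hypothetical receiver policy: SPF result adds weight to a content score."""
    if result == "fail":
        return "reject"                      # sender declared its list definitive
    weight = {"softfail": 3, "neutral": 1, "none": 1, "pass": 0}[result]
    return "reject" if content_score + weight >= reject_at else "accept"

# Constructed records for a sender that listed only 192.0.2.0/24
SOFT = "v=spf1 ip4:192.0.2.0/24 ~all"
HARD = "v=spf1 ip4:192.0.2.0/24 -all"
LISTED, FORGOTTEN = "192.0.2.10", "198.51.100.7"   # constructed addresses

if __name__ == "__main__":
    for label, rec in (("~all", SOFT), ("-all", HARD)):
        for ip in (LISTED, FORGOTTEN):
            res = spf_result(rec, ip)
            print(label, ip, res, receiver_action(res, content_score=1))
```

A forgotten legitimate server and a spoofer look identical to the receiver: under -all both are rejected outright, while under ~all the message survives unless other tests also score it as suspicious.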
  4. Gregg Hill

    Gregg Hill Guest

    Well, that makes sense.

    I have seen a few recommendations for ORF. I have downloaded the trial, but
    have not installed it yet.

    Do you know if ORF uses SPF records in its spam checking?

    Gregg Hill

     
    Gregg Hill, Oct 1, 2007
    #4
  5. Hmm, SPF has been around for about 3 or 4 years now. I s'pose in the grand
    scheme of things you could still call that "new".
     
    Steve Foster [SBS MVP], Oct 2, 2007
    #5
