• wcsap.ini recommendations

    From DAVE GOURD@1:124/5013 to All on Thu Jan 31 19:18:36 2019
    Date: Sun, 30 Apr 2006 23:11:17 -0400
    From: DAVE GOURD
    To: all
    Subject: wcsap.ini recommendations
    Newsgroups: win.server.smtp.&.avs
    Message-ID: <1146453077.46.0@winserver.com>
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 35

    I have read the help files and text in re the wcsap.ini settings, but looking at
    best and most widely practiced settings for

    Accept-SPF-SoftFail and
    Accept-SPF-Neutral and
    RecursionLimit

    I have them at (false, false, 20) but want max impact on bad senders. Not
    100% sure what the recursion limit is about.

    I agree with Hector's reasoning - pass/fail, no maybes, since it's like saying no in a soft voice when you should be using a 2x4 to impress someone.

    What setting for the above have the greatest impact on spammers?

    Although I am concerned with potential falsing or unintentional blocking, I would rather lose 5 potential customers' inquiry msgs than lose one solid customer's communciations - the old bird in the hand or 2 in the bush analogy.

    The way I have our system setup - external incoming email is not the main focus for our communications - we use the form mail method and telephone
    for new customer inquiries and/or 1st time orders, so falsing not a major consequence in those case where someone wants to place inquirues after visiting the webpages. Existing/established customers and contacts are whitelisted in sap filter.

    Our internet service clients would be the only considerations in potential falsing, but they understand the concepts and they too enjoy the relatively spam-free environment winserver affords us, and have to reservations about cutting the spam off even more.

    --
    D


    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
  • From hector.santos@winserver.com@1:124/5013 to All on Thu Jan 31 19:18:36 2019
    Date: Mon, 01 May 2006 16:20:42 -0400
    From: "HECTOR SANTOS" <hector.santos@winserver.com>
    To: DAVE GOURD
    Subject: Re: wcsap.ini recommendations
    Newsgroups: win.server.smtp.&.avs
    Message-ID: <1146515007.46.1146453077@winserver.com>
    References: <1146453077.46.0@winserver.com>
    X-WcMsg-Attr: Rcvd
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 73

    From: Dave Gourd


    I have read the help files and text in re the wcsap.ini settings, but
    looking at best and most widely practiced settings for

    Accept-SPF-SoftFail and
    Accept-SPF-Neutral and
    RecursionLimit

    I have them at (false, false, 20) but want max impact on bad senders.
    Not 100% sure what the recursion limit is about.

    I agree with Hector's reasoning - pass/fail, no maybes, since it's
    like saying no in a soft voice when you should be using a 2x4 to
    impress someone.

    What setting for the above have the greatest impact on spammers?

    SPF defines a "policy" for a domain to expose which machines he is allowed
    to send mail from on behalf of the domain name. So if you say gourd.com
    should only come from your IP machine 1.2.3.4, then you can have an SPF
    record that defines that rule.

    What is that really that HARD of a rule for other sides? if you have an AOL.COM account, is AOL saying you can only send mail using their machine or are you allowed to send it from lets say a Internet Cafe or some laptop
    while on vacation?

    There is where some sites will use a NEUTRAL or SOFTFAIL policy when the IP does not machine the list they provide. They are saying,

    "Look, the IP didn't match, but this may not really be a bad thing,
    because the user is allowed to use our domain name from other machines.
    So we don't know. Your call."

    Today, if the policy is NEUTRAL, you are suppose to ignore the result and continue checking for other things.

    Buf if it says SOFTFAIL, then its up to you.

    The default we have was:

    Accept-SPF-SoftFail FALSE ; if false, continue testing Accept-SPF-Neutral False ; if false, continue testing

    Many SPF people are changing the first (SOFTFAIL) one to TRUE, which says
    don't continue, consider it as a failure.

    Again, that is a local policy (your) decision. You might want to discuss
    this with other SPF sysops in the official SPF mailing lists, SPF-HELP (for administrators) or SPF-DISCUSS (more technical regarding future specifications).

    Although I am concerned with potential falsing or unintentional
    blocking, I would rather lose 5 potential customers' inquiry msgs
    than lose one solid customer's communciations - the old bird in the hand
    or 2 in the bush analogy.

    Well, the safe way is to keep it FALSE, but like I said, many people are
    using SOFTFAIL policies for rejection. If a domain is exposing a SOFTFAIL handling, then it is probably saying

    "Look, we really didn't expect this. The IP should match our domain.
    Do what you like with it. We will not vouch for it."

    But for a NEUTRAL, it is saying, It is possible they could be a mismatch,
    don't reject it. I personally do not believe in a NEUTRAL policy, but there are many outsourcing places where you can get an email address and use it
    from any machine. Spammers exploit the bad side of it, but there is also
    the defensiveless good side.
    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
  • From HECTOR SANTOS@1:124/5013 to All on Thu Jan 31 19:18:36 2019
    Date: Mon, 01 May 2006 18:29:49 -0400
    From: HECTOR SANTOS
    To: DAVE GOURD
    Subject: Re: wcsap.ini recommendations
    Newsgroups: win.server.smtp.&.avs
    Message-ID: <1146522744.46.1146453077@winserver.com>
    References: <1146453077.46.0@winserver.com>
    X-WcMsg-Attr: Rcvd
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 36


    <DAVE GOURD> wrote in message news:1146453077.46.0@winserver.com...

    I have read the help files and text in re the wcsap.ini settings, but
    looking at best and most widely practiced settings for

    Accept-SPF-SoftFail and
    Accept-SPF-Neutral and
    RecursionLimit

    I have them at (false, false, 20) but want max impact on bad senders. Not 100% sure what the recursion limit is about.

    Recursion is when a SPF policy as a redirection to another SPF policy, and
    then another, and another, and so.

    The REDIRECT or INCLUDE SPF commands allow an SPF record to have redirect or include to another list of IP addresses. Usually big systems with a long
    list of machines might use these commands.

    For example, big.com has a SPF record:

    v=spf1 redirect:big2.com include:vendor.com

    etc. Well, it is possible that this takes place over and over. The recursionlimit controls the maximum limit of how deep it goes.

    hacker.com might want to frustrate your DNS lookup by redirecting to itself:

    v=spf1 redirect:hacker.com

    The limit controls this possible abuse.

    ---
    Hector
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
  • From DAVE GOURD@1:124/5013 to All on Thu Jan 31 19:18:36 2019
    Date: Thu, 04 May 2006 10:53:58 -0400
    From: DAVE GOURD
    To: HECTOR SANTOS
    Subject: Re: wcsap.ini recommendations
    Newsgroups: win.server.smtp.&.avs
    Message-ID: <1146754438.46.1146515007@winserver.com>
    References: <1146515007.46.1146453077@winserver.com>
    X-WcMsg-Attr: Rcvd
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 88

    Thanks for the insight on this subject Hector. We'll take your views under advisement.

    --
    D


    On 5/1/06 4:20 PM, HECTOR SANTOS wrote to DAVE GOURD:

    From: Dave Gourd


    I have read the help files and text in re the wcsap.ini settings, but looking at best and most widely practiced settings for

    Accept-SPF-SoftFail and
    Accept-SPF-Neutral and
    RecursionLimit

    I have them at (false, false, 20) but want max impact on bad senders.
    Not 100% sure what the recursion limit is about.

    I agree with Hector's reasoning - pass/fail, no maybes, since it's
    like saying no in a soft voice when you should be using a 2x4 to
    impress someone.

    What setting for the above have the greatest impact on spammers?

    SPF defines a "policy" for a domain to expose which machines he is allowed to send mail from on behalf of the domain name. So if you say gourd.com should only come from your IP machine 1.2.3.4, then you can have an SPF record that defines that rule.

    What is that really that HARD of a rule for other sides? if you have an AOL.COM account, is AOL saying you can only send mail using their
    machine or
    are you allowed to send it from lets say a Internet Cafe or some laptop while on vacation?

    There is where some sites will use a NEUTRAL or SOFTFAIL policy when
    the IP
    does not machine the list they provide. They are saying,

    "Look, the IP didn't match, but this may not really be a bad thing,
    because the user is allowed to use our domain name from other machines.
    So we don't know. Your call."

    Today, if the policy is NEUTRAL, you are suppose to ignore the result and continue checking for other things.

    Buf if it says SOFTFAIL, then its up to you.

    The default we have was:

    Accept-SPF-SoftFail FALSE ; if false, continue testing Accept-SPF-Neutral False ; if false, continue testing

    Many SPF people are changing the first (SOFTFAIL) one to TRUE, which
    says
    don't continue, consider it as a failure.

    Again, that is a local policy (your) decision. You might want to discuss this with other SPF sysops in the official SPF mailing lists, SPF-HELP (for administrators) or SPF-DISCUSS (more technical regarding future specifications).

    Although I am concerned with potential falsing or unintentional
    blocking, I would rather lose 5 potential customers' inquiry msgs
    than lose one solid customer's communciations - the old bird in the hand or 2 in the bush analogy.

    Well, the safe way is to keep it FALSE, but like I said, many people are using SOFTFAIL policies for rejection. If a domain is exposing a SOFTFAIL handling, then it is probably saying

    "Look, we really didn't expect this. The IP should match our domain.
    Do what you like with it. We will not vouch for it."

    But for a NEUTRAL, it is saying, It is possible they could be a mismatch, don't reject it. I personally do not believe in a NEUTRAL policy, but there are many outsourcing places where you can get an email address and use
    it
    from any machine. Spammers exploit the bad side of it, but there is also the defensiveless good side.



    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)