Home | Sitemap | Recent Changes | Login

SPF Logo

Sender Policy Framework

Frank Ellermann/Minger

Minger is an interesting proposal for border MTAs, e.g. any MX accepting mail from unknown strangers. Typically a border MTA rejects SPF FAIL, and after that obvious decision avoiding backscatter to innocent bystanders it still has to decide what to do with all other mails.

For an SPF PERMERROR it might decide to reject the mail, for an SPF SOFTFAIL and an SPF TEMPERROR it might reject the mail with a TEMPorary 4xx error.

For an SPF PASS the border MTA can decide to accept the mail "on probation", it's then responsible to deliver the mail or to report an error to the originator. By definition error reports to an SPF PASS envelope sender address can never hit innocent bystanders.

That still leaves the many mails resulting in SPF NEUTRAL or with no SPF policy, by definition SPF NONE must be handled like SPF NEUTRAL. If the border MTA accepts a mail it is responsible for its final delivery into a mailbox, or for a proper non-delivery report to the originator.

Back at square one, without SPF PASS the border MTA only knows that about 90% of all mails are unsolicited, including spam forging plausible envelope sender addresses of innocent bystanders.

An obvious way to limit the damage is to reject all mails to non-existing mailboxes at the border MTA, ideally also to "over quota" mailboxes. For this decision the border MTA needs to know which mailboxes (local parts) exist and accept mails. In some cases it's trivial to get this right, e.g. if the border MTA is also the final delivery MTA.

Often it's not trivial, it could be even a security or legal issue if a backup MX at a third party needs access on a database with existing mailboxes. The Minger draft lists some attempts to solve this problem, including "call forward" schemes which obviously can't work in border cases wrt SMTP timeouts, LDAP, and Finger. Apart from being shaky these attempts are based on TCP and therefore expensive for a border MTA.

The border MTA has to come to a decision "reject" or "accept" while still talking (in an SMTP session) to the client which tries to send mail (likely spam). SPF helps to reject "mail from" forged addresses, Minger helps to reject mail to bogus addresses.

Minger is based on UDP (datagrams) instead of TCP (connections), and therefore fast. It also offers a certain degree of authentication with shared secrets, spammers shouldn't get a free highway for faster dictionary attacks.

Edit text of this page | View other revisions
Last edited 2007-11-03 21:43 (UTC) by Frank Ellermann (diff)