[Mimedefang] Re: What to do about bounced forgeries?
Kelson Vibber
kelson at speed.net
Mon Dec 22 15:59:59 EST 2003
At 11:52 AM 12/22/2003, Kenneth Porter wrote:
>Ok. So spammers use long TTLs to keep their shut down DNS from having an
>effect. So we have to create an RBL that vetoes SPF for some domains.

It looks like this shouldn't be an issue. If a spammer posts an SPF record
for his domain, all it means is that they have to use the servers they
listed to send their spam - and that you know for sure who sent
it! Existing RBLs and filtering methods should do the job.

From what I've read, the idea isn't to directly identify spam/ham so much
as it is to identify forgeries, making it easier for *other* tools to
identify spam (and saving innocent bystanders from getting misdirected
complaints and bounces).

After all, if you get SPF-conformant mail from yahoo.com, it could still be
a spammer with a throwaway Yahoo account. But they won't be able to just
*forge* a Yahoo address anymore, so they'll have to either use their own
domain or go to the effort of signing up at Yahoo and getting kicked off as
soon as they get reported.

Kelson Vibber
SpeedGate Communications <www.speed.net>
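
The division of labour described in the message above, as an added example that is not part of the original post or of MIMEDefang: SPF decides whether the sender domain is forged, and a separate blocklist decides whether an authenticated domain is unwanted. The domains, addresses, records and the `spf_check`/`classify` helpers are constructed for illustration, and only the `ip4` and `all` mechanisms are evaluated (real SPF reads the record from DNS and supports more mechanisms).

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the original post).
SPF_RECORDS = {
    "example-isp.test": "v=spf1 ip4:192.0.2.0/24 -all",
    "spammer.test": "v=spf1 ip4:203.0.113.7 -all",
}
DOMAIN_BLOCKLIST = {"spammer.test"}  # stands in for an existing RBL

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip, records=SPF_RECORDS):
    """Evaluate the ip4 and all mechanisms of a domain's SPF record."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        # A mechanism without an explicit qualifier defaults to "+".
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def classify(mail_from_domain, client_ip, blocklist=DOMAIN_BLOCKLIST):
    """SPF answers 'is this forged?'; the blocklist answers 'is this sender bad?'."""
    spf = spf_check(mail_from_domain, client_ip)
    if spf == "fail":
        return "reject: forged sender"
    if spf == "pass" and mail_from_domain in blocklist:
        # The spammer's own SPF record only proves who sent the mail.
        return "reject: authenticated sender is blocklisted"
    return "continue: hand to content filters (spf=%s)" % spf


if __name__ == "__main__":
    for dom, ip in [("example-isp.test", "198.51.100.9"),
                    ("spammer.test", "203.0.113.7"),
                    ("example-isp.test", "192.0.2.25")]:
        print(dom, ip, "->", classify(dom, ip))
```
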