[Mimedefang] Re: What to do about bounced forgeries?

Kelson Vibber kelson at speed.net
Mon Dec 22 15:59:59 EST 2003

At 11:52 AM 12/22/2003, Kenneth Porter wrote:
>Ok. So spammers use long TTL's to keep their shut down DNS from having an 
>effect. So we have to create an RBL that vetos SPF for some domains.

It looks like this shouldn't be an issue.  If a spammer posts an SPF record 
for his domain, all it means is that they have to use the servers they 
listed to send their spam - and that you know for sure who sent 
it!  Existing RBLs and filtering methods should do the job.

 From what I've read, the idea isn't to directly identify spam/ham so much 
as it is to identify forgeries, making it easier for *other* tools to 
identify spam (and saving innocent bystanders from getting misdirected 
complaints and bounces).

After all, if you get SPF-conformant mail from yahoo.com, it could still be 
a spammer with a throwaway Yahoo account.  But they won't be able to just 
*forge* a Yahoo address anymore, so they'll have to either use their own 
domain or go to the effort of signing up at Yahoo and getting kicked off as 
soon as they get reported.

Kelson Vibber
SpeedGate Communications <www.speed.net> 

More information about the MIMEDefang mailing list