[Mimedefang] OT but interesting hopefully - Spammers embrace email authentication
Kelson
kelson at speed.net
Tue Sep 7 12:21:49 EDT 2004
Jeff Rife wrote:
> On 3 Sep 2004 at 10:42, Kelson wrote:
>>Check out www.surbl.org. They're actually quite effective at catching
>>spam based on domain names - in this case of the websites being
>>spamvertized - despite the turnover potential.
>
> Correct, but SPF alone can't do anything about domains like this.
>
> If you use some other check (like SURBL), then you don't need SPF at
> all, because all the current SPAM tests know how to hunt out forgeries.
*sigh* Forest, meet trees.
My point was not to compare SURBL to SPF, but to use SURBL as an example
of how quickly anti-spam solutions can react to spammers setting up
throwaway domains. If SPF (or something similar) can tell you that the
message definitely came from XYZ, and you have a list of spammers'
domains that includes XYZ, bang, you know it's spam and you can kick it
out before they finish sending the headers. You know, doing with domain
names what we've been doing with IP addresses for years.
As for current spam tests being able to detect forgeries, the only ones
I know of focus on a few big names. Do you know of any "current spam
test" that can detect forged mail claiming to be from speed.net?
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
More information about the MIMEDefang
mailing list