[Mimedefang] OT but interesting hopefully - Spammers embrace email authentication
Jeff Rife
mimedefang at nabs.net
Tue Sep 7 16:59:58 EDT 2004
On 7 Sep 2004 at 9:21, Kelson wrote:
> My point was not to compare SURBL to SPF, but to use SURBL as an
> example of how quickly anti-spam solutions can react to spammers
> setting up throwaway domains.
They aren't quick enough. "Throwaway domain" now means "lifetime of
several hours". That's too quick for anything really accurate to keep
up with.
> If SPF (or something similar) can
> tell you that the message definitely came from XYZ, and you have a
> list of spammers' domains that includes XYZ, bang, you know it's
> spam and you can kick it out before they finish sending the headers.
Again, knowing that "bad-domain.com" is bad really doesn't help you if
there is *never* another message from that domain. You never get to
check against SPF records.
> You know, doing with domain names what we've been doing with IP
> addresses for years.
One of the reasons that IP addresses work for these checks is that
somebody other than the spammer controls them. Anybody can just
register a new domain, but to get connectivity, you must have an IP
address, and that's limited by the providers you can use.
> As for current spam tests being able to detect forgeries, the only
> ones I know of focus on a few big names. Do you know of any "current
> spam test" that can detect forged mail claiming to be from
> speed.net?
SpamAssassin has tests for bad Message-IDs, Message-IDs added by a
relay, "Received" headers that don't look kosher, MUA identifiers that
aren't right, etc. They don't catch everything, but they often add
enough score to push things into the "just discard it" category.
--
Jeff Rife |
SPAM bait: |
http://www.nabs.net/Cartoons/Dilbert/LostPassword.gif
AskDOJ at usdoj.gov |
spam at ftc.gov |
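The additive header scoring described in the last paragraph of the post, as an added example that is not part of the original message and is not SpamAssassin's own rule set. The check names, weights, threshold, and both sample messages are constructed assumptions chosen so that no single check is enough to discard a message but several together are.

```python
import re
from email import message_from_string

# Constructed weights and threshold (assumptions, not SpamAssassin's values).
WEIGHTS = {"received_odd": 1.5, "msgid_bad": 2.0,
           "msgid_from_relay": 1.5, "mua_mismatch": 1.0}
DISCARD_AT = 4.0

MSGID_RE = re.compile(r"^<[^<>@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)>$")
RECEIVED_RE = re.compile(r"^from\s+\S+.*\sby\s+(\S+)", re.I | re.S)

def header_hits(raw):
    """Return the names of the simplified header checks a message trips."""
    msg = message_from_string(raw)
    hits, by_hosts = [], []
    for rcvd in msg.get_all("Received", []):
        m = RECEIVED_RE.match(rcvd.strip())
        if m:
            by_hosts.append(m.group(1).lower())
        elif "received_odd" not in hits:
            hits.append("received_odd")   # not in "from X ... by Y" form
    mid = MSGID_RE.match((msg.get("Message-ID") or "").strip())
    if not mid:
        hits.append("msgid_bad")          # missing or not <local@fq.domain>
    elif mid.group(1).lower() in by_hosts:
        hits.append("msgid_from_relay")   # ID domain is a receiving relay
    if msg.get("X-Mailer") and not msg.get("Date"):
        hits.append("mua_mismatch")       # names a client but has no Date
    return hits

def score(raw):
    return sum(WEIGHTS[h] for h in header_hits(raw))

# Constructed sample messages (documentation addresses and domains).
CLEAN = (
    "Received: from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\tby mx.example.net with ESMTP; Tue, 7 Sep 2004 16:00:00 -0400\n"
    "Message-ID: <20040907.abc123@mail.example.org>\n"
    "Date: Tue, 7 Sep 2004 16:00:00 -0400\n"
    "X-Mailer: ExampleMailer 1.0\n"
    "From: a@example.org\n\nhello\n"
)
FORGED = (
    "Received: 192.0.2.99 via smtp\n"
    "Message-ID: <12345>\n"
    "X-Mailer: ExampleMailer 1.0\n"
    "From: b@example.com\n\nbuy now\n"
)
```

Comparing `score(raw)` against `DISCARD_AT` gives the discard decision; the forged sample trips three checks that are each below the threshold on their own.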