[Mimedefang] Pre-Emptive Greylist entries

Gary Funck gary at intrepid.com
Tue Jan 10 16:50:42 EST 2006




> From: David F. Skoll
> Sent: Tuesday, January 10, 2006 11:02 AM
>
> Matthew.van.Eerde at hbinc.com wrote:
>
> > That is the sole purpose of SPF, to force domains that send spam to
> > admit ownership of the sending servers.
>
> spammer.com.	  1d IN	 TXT	 "v=spf1 +all"
>
> I own the world! :-)
>
> (Yes, I know SPF implementations can treat such a record with suspicion,
> but in principle, it's a valid record.)

OK. It is funny, but my suggestion was serious.  When I suggested
that the SPF record be checked, I was suggesting that it be checked
using a reasonably conservative interpretation of SPF.  And, I agree
with Matthew, that if the spammers are willing to validate
their presence via SPF, I'm willing to bypass greylisting and
blacklist them a short time later. <g> Keep in mind that greylisting is only
a heuristic first defense.

If I have the time, I'll give my suggestions regarding the use
of SPF and RDNS a shot, and report back on the results.  My hunch
is that they'll offer decent improvements, especially in handling
first time senders.   Better, perhaps I'll process the message logs
and give some feedback on how this approach might fare.

  - Gary
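
A sketch of the "reasonably conservative interpretation" discussed in this message, as an added example that is not part of the original post or of MIMEDefang: greylisting is skipped only when the SPF result is a pass and the record does not authorize huge address ranges. The function names and prefix thresholds are assumptions, the SPF result is assumed to come from an existing SPF library, and the sample records in the comments are constructed.

```python
import ipaddress

# Assumed thresholds (not from the thread): the widest network a single
# pass-qualified ip4/ip6 mechanism may cover before the record is distrusted.
MIN_PREFIX = {"ip4": 16, "ip6": 32}

def permissive_terms(record):
    """Return the pass-qualified terms that authorize too much address space."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    flagged = []
    for term in terms[1:]:
        # A mechanism without a qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = (term[1:] if term[0] in "+-~?" else term).lower()
        if qualifier != "+":
            continue  # only pass-qualified mechanisms can authorize a sender
        if body == "all":
            flagged.append(term)  # e.g. "v=spf1 +all" (constructed sample)
            continue
        name, _, value = body.partition(":")
        if name in MIN_PREFIX and value:
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                flagged.append(term)  # malformed network: do not trust it
                continue
            if net.prefixlen < MIN_PREFIX[name]:
                flagged.append(term)
    # Limitation: include: and redirect= targets are not fetched or followed.
    return flagged

def may_bypass_greylist(spf_result, record):
    """Skip greylisting only for an SPF pass backed by a narrow record."""
    return spf_result == "pass" and not permissive_terms(record)
```
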



