Well, first, I commend you for indicating that you are actually
knowdgeable about how spammers are operating currently, on this list
it's like a breath of fresh air.
But I'm still confused as to why someone with one of those bazillions
of assigned host names won't possibly have a matching SPF record?
Most responses thus far say it's not a LIKELY policy (of the ISPs)
which leaves me wanting because what do they know what LIKELY policies
I could just as easily argue that the same ISPs wouldn't possibly
tolerate thousands of zombie PCs because "obviously" it'll eat up
their bandwidth and cause lots of complaints etc, BUT HERE WE ARE!
So much for modeling the world in one's head by application of common
Anyhow, if someone might indulge me a technical reason that doesn't
rely on my accepting their projection of the ``mens rea'' of a major
ISP's marketing professionals I'd appreciate it.
On September 11, 2004 at 11:06 fw(_at_)deneb(_dot_)enyo(_dot_)de (Florian
* Barry Shein:
Spammers no longer use static domains, and they haven't for years.
Spammers us ZOMBIE PCs.
These are virus-infected PCs which let spammers do whatever they like
with them, such as cause those PCs to send out millions of e-mail
So, you get an e-mail from
viagra(_at_)adsl-24-73-19-222(_dot_)att(_dot_)net and it's
No, this is not the way SPF works, and it's also not the way spammers
will comply with its requirements.
Nowadays, a sizable chunk of all botnet-centered spamming activity
already uses dedicated second level domains to provide a DNS name for
the controlling IRC server. Registering a few additional domains to
send mail from domains with valid SPF records is a trivial step. You
can even generate SPF records dynamically with a narrow scope so that
these records are not distinguishable from legitimate ones.
In theory, SPF fixes the bounce problem. But this requires
significant deployment, and this is not going to happen. Only badly
configured MTAs (or poorly outdated MTA software such as qmail) send
NDRs for unknown users or messages containing malware. These MTAs
won't get magically fixed once there's a new RFC.
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
Asrg mailing list