nobody(_at_)xyzzy(_dot_)claranet(_dot_)de wrote:
Carl Hutzler wrote:
Is this use of SPF flawed?
[...]
If the [connecting IP] = [SPF record] then "trust it
more/whitelist"
It's perfectly possible for a spammer to get a PASS. You
wouldn't whitelist a spammer. But it's impossible for a
spammer to pretend to be me, he'd get a FAIL (in my case).
Unless I'm this spammer of course.
Actually, we DO WHITELIST SPAMMERS. I mean it happens. We don't want it
to happen a lot, but it does. See, we also monitor everyone on the WL
very closely via volume, complaint, and bounce rates. So while a spammer
could get onto the whitelist, they won't be for long. And a new spammer
will have very low limits placed on how much they can send via a simple
SPF=whitelist type method. Now if they prove once on the SPF=whitelist
that they are a good sender, we would bump up their rate limits... or if
they contact us to get "accredited" via our postmaster.aol.com webpage
where you can simply ask to be on the whitelist, we might let them in
with higher limits on day 1. We do this of course for well known
organizations.
valuable reverse MX records which cover well over 95% of
the email traffic on the internet today.
Is that a guess? 95% is a rather high number.
OK, 85%. Is that better? Still beats the 80/20 rule easily. How much
mail is not sent directly from the sending ISP to the destination ISP?
For AOL it is a small number.
Perhaps SPF should be updated to have the above logic.
You can use it this way. But whitelisting a PASS only
because it's a PASS is no long term strategy:
"v=spf1 +exists:%{ir}.comcast.blackholes.us -all"
See above. It actually IS very good for AOL because of all our other
reputation based logic. Perhaps not every ISP can build this, but we do
have one. Of course many 3rd party products are out there that do what
we do... SenderBase (volume/bounces), SpamCop (complaints), Spamnet
(complaints), etc.
Back to my day job :-)
Be careful with mail from these comcast IPs, bye, Frank
--
Carl Hutzler
Director, Host Mail Development
America Online
cdhutzler(_at_)aol(_dot_)com
703.265.5521 work
703.915.6862 cell
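
The policy discussed in this thread, as an added example that is not part of the original messages and not AOL's code: an SPF PASS only admits a domain to a probationary whitelist tier, and volume, complaint and bounce rates decide whether it stays there or moves up. All names, thresholds and limits below are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Illustrative values only: assumptions for this sketch, not any ISP's real numbers.
PROBATION_LIMIT = 100        # msgs/day for an SPF-passing domain with no track record
PROVEN_LIMIT = 10_000        # msgs/day once the domain has behaved well on probation
ACCREDITED_LIMIT = 100_000   # msgs/day for senders vetted out of band
MIN_SAMPLE = 50              # attempts needed before rates are judged at all
MIN_HISTORY = 500            # clean deliveries needed to leave probation
MAX_COMPLAINT_RATE = 0.003   # complaints per delivered message
MAX_BOUNCE_RATE = 0.05       # bounces per attempted message


@dataclass
class SenderStats:
    """Per-domain counters a receiver keeps for whitelisted senders."""
    delivered: int = 0
    complaints: int = 0
    bounces: int = 0
    accredited: bool = False  # sender asked for and was granted accreditation


def daily_limit(spf_result: str, stats: SenderStats) -> int:
    """Messages/day allowed on the whitelist path; 0 means no whitelist treatment."""
    if spf_result != "pass":
        # fail, softfail, neutral, none: SPF gives no basis for whitelisting.
        return 0
    attempts = stats.delivered + stats.bounces
    if attempts >= MIN_SAMPLE:
        complaint_rate = stats.complaints / max(stats.delivered, 1)
        bounce_rate = stats.bounces / attempts
        if complaint_rate > MAX_COMPLAINT_RATE or bounce_rate > MAX_BOUNCE_RATE:
            # A PASS only proves who is sending; bad reputation removes the listing,
            # even for a sender that was accredited earlier.
            return 0
    if stats.accredited:
        return ACCREDITED_LIMIT
    if stats.delivered >= MIN_HISTORY:
        return PROVEN_LIMIT
    return PROBATION_LIMIT


if __name__ == "__main__":
    # Constructed sample senders, not real data.
    print(daily_limit("pass", SenderStats()))
    print(daily_limit("pass", SenderStats(delivered=5000, complaints=2, bounces=50)))
    print(daily_limit("pass", SenderStats(delivered=800, complaints=40, bounces=300)))
```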