At 02:27 PM 1/21/2004, Za'mbori, Zolta'n wrote:
> I read somewhere that a large amount of spam is coming from hijacked PCs. What
> about these PCs? Who will set up SPF for these PCs?

No, you've got it backwards. The two components of SPF are:
- At the domain name of the apparent sender (records published)
- At the receiving mail server (records checked)
The actual sending mail server (or zombie) doesn't have to know anything
about SPF.
With spam from hijacked PCs, usually the apparent sender address is
forged. If the apparent sender has published SPF information, it will not
list the hijacked PC, so the receiving mail server will know it's been
forged and reject it.
For example: Joe Spammer sends mail through a hijacked PC claiming to be
from ajsfkhkj@speed.net. The receiving mail server looks up the SPF record
for speed.net, finds our servers listed but not the hijacked PC, and
realizes it's forged.
Alternatively: Joe Spammer buys the joespammer.com domain and sets up SPF
records indicating that anyone is allowed to send mail with it. He then
sends spam through zombies and it gets verified by SPF, but because he's using
his own address we can blacklist him easily with no collateral damage.
Kelson Vibber
SpeedGate Communications <www.speed.net>
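
The receiving-server check described in this message, as an added example that is not part of the original post. The SPF records, IP addresses (documentation ranges) and the local blocklist are constructed for illustration and are not the real published records; only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed sample SPF TXT records (assumption: not the real published ones).
SPF_RECORDS = {
    "speed.net": "v=spf1 ip4:192.0.2.0/28 -all",   # only the domain's own servers
    "joespammer.com": "v=spf1 +all",                # "anyone may send as us"
}
# Hypothetical receiver-local blocklist of sender domains.
BLOCKED_DOMAINS = {"joespammer.com"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, sender_domain, records=SPF_RECORDS):
    """Evaluate ip4/ip6/all mechanisms left to right; the first match wins."""
    record = records.get(sender_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes nothing, so SPF says nothing
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
        # Other mechanisms (a, mx, include, ...) need DNS and are skipped here.
    return "neutral"


def receive(client_ip, mail_from):
    """Receiving-server decision for one envelope sender.

    The connecting host (legitimate server or zombie) takes no part in this:
    only its IP address and the claimed sender domain are used.
    """
    domain = mail_from.rsplit("@", 1)[1].lower()
    result = check_spf(client_ip, domain)
    if result == "fail":
        return "reject: forged sender"
    if result == "pass" and domain in BLOCKED_DOMAINS:
        # SPF confirms the domain really authorized this mail, so blocking
        # the domain hits only its owner.
        return "reject: blocklisted domain"
    return "accept (spf=%s)" % result
```
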