Also, much spam from hijacked PCs seems to use the hijacked
PC's host, as in
wasteofoxygen(_at_)dyn-83-155-31-99(_dot_)ppp(_dot_)tiscali(_dot_)fr
That sort of thing will get around these SPF/YDK approaches, right?
No, a valid DK signature tells you that the message really was signed
by the domain in the From: line. If there's a zombie'd PC at
tiscali.fr, and it sends mail through Tiscali's mail servers using a
tiscali.fr address, and the servers sign it (which, with half decent
volume checks they wouldn't) it'll pass DK checks.
I agree that knowing that mail really came from woifnsdnskensk.com
isn't very useful without a reputation system, but DK at least
validates the actual mail that you see, not the envelope which you
don't.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
--
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 330 5711
johnl(_at_)iecc(_dot_)com, Mayor, http://johnlevine.com,
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg