Spammers no longer use static domains, and they haven't for years.
Spammers us ZOMBIE PCs.
These are virus-infected PCs which let spammers do whatever they like
with them, such as cause those PCs to send out millions of e-mail
messages.
So, you get an e-mail from viagra(_at_)adsl-24-73-19-222(_dot_)att(_dot_)net
and it's
SPF OK.
But you see that it's spam when you read it.
What are you planning to do with this information? Block all of AT&T?
This (zombie pc's) is how the vast majority, maybe >95%, of the spam
today is sent.
The next tiny step, already being done, is for the spamemr to just use
the zombie pc's assigned host/domain, such as in my example, in the
MAIL FROM.
Of course, SPF does nothing to check the From: header which is what
the recipient sees, so it can say whatever it likes. Particularly
since it "passed" SPF.
With all due respect the discussion here seems to arise from people
who may know something about computers, about how SMTP works,
software, even some stuff about SPF, obviously have received some spam
and glanced at it, but show breathtaking ignorance about how spammers
actually operate and just seem to make it up on the fly.
Maybe we shuold work on that, come to some common understanding of how
spammers operate, BEFORE arguing the viability of some proposed
technical approach.
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg