This is all based on an assumption of spammers using static domains.
On September 10, 2004 at 13:57 peeebeee(_at_)gmail(_dot_)com (Peter Bowyer)
wrote:
On Fri, 10 Sep 2004 13:50:33 +0200, Markus Stumpf
<maex-lists-spam-ietf-asrg(_at_)space(_dot_)net> wrote:
On Thu, Sep 09, 2004 at 06:54:59PM -0500, Jim Witte wrote:
Why not try to get the press to grab something the SPF *can* do -
like perhaps stop the flood of V1(_at_)GR@ and C10L1S ads that keep
filling
my inbox, coming from God-knows where. Or the porn, or the occassional
spam I get that's in either Chinese, Japanese, or Korean (I read none,
but it's in *something* I can't read).
Sorry, but I really fail to see how SPF can do all this.
SPF *could* do it *if* the spammers forge a domain that is using
SPF records *and* the sending IP is not authorized by the SPF settings.
Spammers run bot networks with up 500000 hosts - maybe more.
Just have a look at your maillogs
cooldictionary.com
forbetterjobs.net
<snip list of domains>
OK, so you know those domains belong to spammers. If you receive mail
apparently from one of those domains which passes SPF, you *know*
you've received a spam. Thanks, spammer, for confirming your identity
and making it easy for us.
An SPF failure is a de-facto reson to block (assuming you don't like
to receive spoofed mail). An SPF pass is an input to your reputation
system, which may confirm a blacklist entry and produce a 'block', or
confirm a whitelist entry and produce an 'accept'.
Peter
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg