On September 10, 2004 at 11:05 sethb(_at_)panix(_dot_)com (Seth Breidbart) wrote:
> It's an arms race, as always. No single weapon wins.

This is a cliche which could apply just as well to painting ourselves
blue and dancing a cha-cha.

> SPF helps. Here's how, in the presence of domain-burning
> SPF-publishing spammers:
>
> 1. Greylisting: Email from a new domain that passes SPF is greylisted
>    for 30 minutes.

What about from the huge dialup/ppp domain pools like AOL, ATT,
earthlink, tiscali, interbusiness, tpnet.pl, retevision.es,
prod-infinitum.mx, plala.or.jp, hkcable.com.hk, comcast, verizon, etc
etc etc etc.?
Because it's zombie'd PCs on those broadband nets which account for
nearly all the spam.

> 2. Spamtraps: Email that hits a spamtrap, and which passes SPF, causes
>    the domain to be blacklisted. This will typically take well under
>    30 minutes for a serious spam run.
>
> 3. When the greylisting expires, the domain is blacklisted.
>
> The spammer has an incentive to push out crap quickly, in order to get
> a lot past the non-greylisting receivers before he hits the blacklist;
> he also has an incentive to push crap out slowly, hoping to get some
> through to the greylisting sites before he hits the blacklists.

This is a vague, probabilistic attack on an outdated method of
spamming.
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
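
The three quoted steps, replayed as a receiver-side policy over a constructed set of delivery attempts (an added example, not code from either poster). The domains, addresses and times are made up, every attempt is assumed to have passed SPF for its envelope domain, and the third sender is a long-established shared ISP domain of the kind the reply asks about.

```python
from dataclasses import dataclass, field

GREYLIST_SECONDS = 30 * 60  # step 1: 30-minute delay for a newly seen domain


@dataclass
class Receiver:
    spamtraps: set                                   # trap addresses (constructed)
    first_seen: dict = field(default_factory=dict)   # domain -> time first seen
    blacklist: set = field(default_factory=set)

    def attempt(self, now, domain, rcpt):
        """Verdict for one SPF-passing delivery attempt at time `now` (seconds)."""
        if domain in self.blacklist:
            return "reject"
        if rcpt in self.spamtraps:                   # step 2: trap hit lists the domain
            self.blacklist.add(domain)
            return "reject"
        first = self.first_seen.setdefault(domain, now)
        if now - first < GREYLIST_SECONDS:           # step 1: still inside the delay
            return "defer"
        return "accept"                              # step 3: delay over, domain not listed


def run_sample():
    """Replay constructed attempts in time order; returns {label: verdict}."""
    rx = Receiver(spamtraps={"trap@rx.example"},
                  first_seen={"bigisp.example": -86400})  # ISP domain known for a day
    events = [  # (label, time, SPF-passing domain, recipient), all constructed
        ("burner first",    0,    "burner.example",  "alice@rx.example"),
        ("newcorp first",   0,    "newcorp.example", "alice@rx.example"),
        ("isp customer",    0,    "bigisp.example",  "alice@rx.example"),
        ("isp zombie trap", 60,   "bigisp.example",  "trap@rx.example"),
        ("isp customer 2",  120,  "bigisp.example",  "alice@rx.example"),
        ("burner trap",     600,  "burner.example",  "trap@rx.example"),
        ("burner retry",    1800, "burner.example",  "alice@rx.example"),
        ("newcorp retry",   1800, "newcorp.example", "alice@rx.example"),
    ]
    return {label: rx.attempt(t, dom, rcpt) for label, t, dom, rcpt in events}


if __name__ == "__main__":
    for label, verdict in run_sample().items():
        print(f"{label:16} {verdict}")
```

The blacklist key here is the whole domain, so the single trap hit at t=60 also rejects the later mail from another customer of the same ISP domain.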