ietf-asrg

Re: [Asrg] Re: SPF abused by spammers

2004-09-10 16:42:22
Barry Shein <bzs(_at_)world(_dot_)std(_dot_)com> wrote:
On September 10, 2004 at 11:05 sethb(_at_)panix(_dot_)com (Seth Breidbart) wrote:
It's an arms race, as always.  No single weapon wins.

This is a cliche which could apply just as well to painting ourselves
blue and dancing a cha-cha.

Maybe that's how world.std.com fights spam; I wouldn't know.

SPF helps.  Here's how, in the presence of domain-burning
SPF-publishing spammers:

1. Greylisting:  Email from a new domain that passes SPF is greylisted
   for 30 minutes.

What about from the huge dialup/ppp domain pools like AOL, ATT,
earthlink, tiscali, interbusiness, tpnet.pl, retevision.es,
prod-infinitum.mx, plala.or.jp, hkcable.com.hk, comcast, verizon, etc
etc etc etc.?

What about them?  In particular, what domain does the spam _claim_ to
be coming from?  AOL isn't about to publish SPF records for its dialup
lusers; neither is ATT, earthlink, etc.  Why should they?  They'd only
publish such records for their own outgoing servers.

Because it's zombie'd PCs on those broadband nets which account for
nearly all the spam.

What domain will they claim?  That's the key point.

This is a vague, probabilistic attack

What part don't you understand?

And stopping each spam with a probability of 99% may be
"probabilistic" but I like it.

on an outdated method of spamming.

It works fine against zombie armies.  What's the newer method?

Seth

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg