ietf-asrg

Re: [Asrg] SPF is only useful to dupe the ignorant...

2004-09-13 15:07:41

Well, first, I commend you for indicating that you are actually
knowledgeable about how spammers are operating currently, on this list
it's like a breath of fresh air.

But I'm still confused as to why someone with one of those bazillions
of assigned host names won't possibly have a matching SPF record?

Most responses thus far say it's not a LIKELY policy (of the ISPs)
which leaves me wanting because what do they know what LIKELY policies
might arise?

I could just as easily argue that the same ISPs wouldn't possibly
tolerate thousands of zombie PCs because "obviously" it'll eat up
their bandwidth and cause lots of complaints etc, BUT HERE WE ARE!

So much for modeling the world in one's head by application of common
sense.

Anyhow, if someone might indulge me a technical reason that doesn't
rely on my accepting their projection of the ``mens rea'' of a major
ISP's marketing professionals I'd appreciate it.


On September 11, 2004 at 11:06 fw(_at_)deneb(_dot_)enyo(_dot_)de (Florian Weimer) wrote:
> * Barry Shein:
>
> > Spammers no longer use static domains, and they haven't for years.
> >
> > Spammers use ZOMBIE PCs.
> >
> > These are virus-infected PCs which let spammers do whatever they like
> > with them, such as cause those PCs to send out millions of e-mail
> > messages.
> >
> > So, you get an e-mail from
> > viagra(_at_)adsl-24-73-19-222(_dot_)att(_dot_)net and it's SPF OK.
>
> No, this is not the way SPF works, and it's also not the way spammers
> will comply with its requirements.
>
> Nowadays, a sizable chunk of all botnet-centered spamming activity
> already uses dedicated second level domains to provide a DNS name for
> the controlling IRC server.  Registering a few additional domains to
> send mail from domains with valid SPF records is a trivial step.  You
> can even generate SPF records dynamically with a narrow scope so that
> these records are not distinguishable from legitimate ones.
>
> In theory, SPF fixes the bounce problem.  But this requires
> significant deployment, and this is not going to happen.  Only badly
> configured MTAs (or poorly outdated MTA software such as qmail) send
> NDRs for unknown users or messages containing malware.  These MTAs
> won't get magically fixed once there's a new RFC.

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
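
To make the two positions in this thread concrete, the following is an added example (not part of the original messages) of a simplified SPF `check_host` evaluation that handles only the `ip4`, `ip6` and `all` mechanisms. All domains, addresses and records are constructed placeholders; it shows that the result depends solely on what the sender domain's owner publishes, so a receiver evaluating a `pass` learns who authorized the host, not whether that domain is trustworthy.

```python
import ipaddress

# Constructed sample TXT records (assumptions, not data from the thread).
SPF_RECORDS = {
    # ISP that authorizes only its outbound relays, not its customer pool.
    "isp.example": "v=spf1 ip4:192.0.2.0/28 -all",
    # The hypothetical ISP policy asked about: whole customer pool authorized.
    "permissive-isp.example": "v=spf1 ip4:203.0.113.0/24 -all",
    # Recently registered domain whose owner lists a single sending host.
    "fresh-domain.example": "v=spf1 ip4:198.51.100.77 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, records=SPF_RECORDS):
    """Return the SPF result for (client ip, MAIL FROM domain).

    Simplified: only ip4/ip6/all are understood; any other term yields
    "permerror" here, which a full implementation would not do.
    """
    record = records.get(domain)
    if record is None:
        return "none"          # domain publishes no SPF policy
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:     # first matching mechanism decides
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "permerror"
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        if net.version == addr.version and addr in net:
            return QUALIFIERS[qualifier]
    return "neutral"           # no mechanism matched and no "all" term
```

A receiving filter would therefore treat `pass` as an input to per-domain reputation (for example, domain age or prior sending history) rather than as a verdict on the message.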