On Fri, 10 Sep 2004, Alan DeKok wrote:
Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:

If the mailbox domain has been safely blacklisted, then no confirmation
with respect to the IP address from the SPF records is needed.

RFC 2821 header checking against authentication records in DNS
enables recipients to safely blacklist mailbox domains.
i.e. 100% of messages from a domain pass RFC 2821 DNS checks, and
are spam: the recipient may choose to blacklist the domain.

Many years ago, people started to block domains and email addresses. It
was found that rather than blocking spam, this practice motivated more DOS
attacks (joe-jobs). It would never be the case that 100% of the messages
from a domain 'pass checks' and are spam, unless that domain has been
subjected to a joe-job or the domain is disposable. If it is disposable,
then blocking it won't have any effect, since it won't be used for long.

In the absence of those checks, the recipient can still blacklist
the domain, but has no way of knowing for sure if the messages are
forged, and thus an attack by a malicious third party, who wishes to
disrupt communications between the alleged originator and the
recipient.

One still has no method of determining if the messages are forged, checks
or no checks. The "checks" have no value. The message could still be
forged, the DNS records could be forged, the sender's machine could be
compromised, the abuser could obtain an account at the ISP that hosts the
domain, etc, etc, etc.

--Dean