spf-discuss

Throwaway domains

2003-10-09 05:49:33
Hi,

From the FAQ:

We can counter with:

   1. fast automated blacklisting using spamtraps and attack detectors
   2. simple reputation systems based on factors such as
          * age of domain according to whois
          * email profile of domain, e.g. "too many unknown recipients"
          * call-back tests to see if the sender domain is able to receive
            mail. 
      The reputation system can advise a receiving MTA to defer or reject.
   3. legal methods following the paper trail of who paid for the domain. 

All these things can be done now with IP-based blacklisting.
(The exception is the call-back test, but that's not a very good
test anyway).
Advantages of an SPF-based system:

* A trojaned machine with a dynamic IP can appear on many IP
  addresses.  The same isn't possible with SPF.
* We don't need help from the ISP to blacklist a spammer with SPF.
* The ownership info for a domain is available centrally (whois)
  and publicly rather than decentrally (ISP customer records).
* Innocent parties inherit IP addresses.  That won't happen with
  spammer domains.

Nevertheless detecting throwaway domains will be a big challenge in
an SPF-protected world.  The key is the whois information, so:

* How much information can be pulled out of
  whois, and how automated can you make that?
    + Date of registry (not that useful - domains can be pre-allocated)
    + Real-world ID of person registering (quite useful)
* Can the whois infrastructure cope with large-scale automated
  polling by mail filters?
* Since whois only handles 2nd level domain data can SPF ever
  be useful for subdomains?

Other thought:

* The quality of a registrar might well become a filtering
  criterion.  Registrars that publish good whois info and
  are good at checking ID may earn their users a better spam
  filtering score.

-- 
Erik Corry erik(_at_)arbat(_dot_)com
A: Because it messes up the order in which people normally read text.
Q: Why is top-replying such a bad thing?
A: Top-replying.
Q: What is the most annoying thing in email?

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
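
A sketch of the kind of reputation check discussed in the message above, added here as an illustration; it is not code from the SPF project or from the poster. The record fields, weights, thresholds and sample domains are all assumptions, chosen so that registration age counts for little, registrant identity and registrar quality count for more, and the call-back test counts least.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class DomainFacts:
    """Constructed record; a real filter would fill it from whois and its own mail logs."""
    registered: Optional[date]      # whois registration date, None if unavailable
    registrant_verified: bool       # registrar checked real-world ID (hypothetical field)
    registrar_quality: float        # 0.0 = poor whois data, 1.0 = good (hypothetical)
    rcpt_total: int                 # recipients attempted by this domain so far
    rcpt_unknown: int               # of those, how many did not exist
    callback_ok: Optional[bool]     # None = call-back test not run

def registered_domain(sender_domain: str) -> str:
    """whois covers only the registered domain, so subdomains share its record.
    Naive last-two-labels rule; real code needs a public-suffix list."""
    return ".".join(sender_domain.lower().rstrip(".").split(".")[-2:])

def score(f: DomainFacts, today: date) -> float:
    """Higher is worse. Weights are illustrative assumptions."""
    s = 0.0
    if f.registered is None or (today - f.registered).days < 30:
        s += 1.0                                   # weak: domains can be pre-allocated
    if not f.registrant_verified:
        s += 2.0                                   # stronger: no real-world ID behind it
    s += 2.0 * (1.0 - f.registrar_quality)         # registrar quality as a criterion
    if f.rcpt_total >= 20 and f.rcpt_unknown / f.rcpt_total > 0.5:
        s += 3.0                                   # "too many unknown recipients"
    if f.callback_ok is False:
        s += 0.5                                   # weakest signal
    return s

def advise(sender_domain: str, facts: dict, today: date) -> str:
    """Advice for the receiving MTA, keyed on the registered domain."""
    f = facts.get(registered_domain(sender_domain))
    if f is None:
        return "defer"                             # nothing known yet: ask sender to retry
    s = score(f, today)
    return "reject" if s >= 5.0 else "defer" if s >= 2.5 else "accept"

TODAY = date(2003, 10, 9)
FACTS = {  # constructed sample data
    "throwaway.example": DomainFacts(date(2003, 10, 6), False, 0.2, 200, 150, False),
    "parked.example": DomainFacts(date(2001, 1, 1), False, 0.3, 5, 4, None),
    "established.example": DomainFacts(date(1998, 5, 1), True, 0.9, 500, 10, True),
}
```

The `parked.example` entry is the pre-allocated case: its old registration date earns it nothing, and the unverified registrant and poor registrar data are enough to get it deferred.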