On Thu, Oct 09, 2003 at 09:15:56AM -0400, Mark Jeftovic wrote:
Personally I think throw-away domains are out-of-scope. Spf/rmx type
solutions solve one aspect of the spam problem: forged headers, joe
jobs, etc.
I was sort of hoping SPF could be used to help prevent spam
too. :-)
The essential feature of SPF is that it allows us to tie
an email to some identity that takes responsibility for its
spam-freeness. It's vital that it's not too simple to create
new identities, otherwise we haven't achieved much.
In the present, many registries and registrars already meter and throttle
connections to their whois databases, and going forward port-43 whois
may not even be around in its current form for long, so building reliance
on this will very likely see it pulled from under in the forseeable
future.
Is there even any way to identify the registrar of a given domain?
It would be very useful to at least be able to identify rogue
registrars who don't check ID.
* The quality of a registrar might well become a filtering
criterion. Registrars that publish good whois info and
are good at checking ID may earn their users a better spam
filtering score.
From a personal vantage point I do notice a trend for throw-away domains
to coagulate on identifiable groups of nameservers. You can deal with
throw-away domains in two ways: maintain RBLs of known spam domains
for the existing ones, then null route/blackhole the known nameservers
for them and set your MTA's to reject unknown domains.
If your method becomes popular then it's not that hard to get around
for the spammers. If they have machines that can be used to host
SMTP spews then they can probably be used to host a name server too.
Those trojaned ADSL machines should be usable for both.
Last I checked there was no restriction on which machines you could
use as name servers on a .com domain.
--
Erik Corry erik(_at_)arbat(_dot_)com
A: Because it messes up the order in which people normally read text.
Q: Why is top-replying such a bad thing?
A: Top-replying.
Q: What is the most annoying thing in email?
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡