Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>:
In other news, we welcome luminary Eric S. Raymond to the list: among
his many accomplishments is Bogofilter (http://bogofilter.sourceforge.net/)
so I'm glad SPF has appeared on his radar.
Thank you. Bayesian filtering was my friend Paul Graham's idea rather
than mine, but I'm quite proud of having been the first to jump on it
and popularize the idea. In truth, bogofilter was as much a political
hack as anything else; I love LISP, but I knew Paul's idea would never
fly as long as it was tied to that one language.
I'm here for a specific reason; I think I might have an idea about how
to beat one of the ways that spammers are going to game against SPF.
I'd like to see if we can develop it into a workable recommendation to
go with SPF.
John Levine pointed out that if SPF becomes widely adopted we are likely
to see a lot more spamming from throwaway domains. The response on the
SPF site is unconvincing and reads like bafflegab.
I think the question to focus on is this: do we have any good
heuristics for recognizing throwaway domains? In particular, do we
have any that wouldn't rely on a central registry? If so, we should
write into the SPF proposal a requirement that DNS registrars
advertise the data needed to compute those heuristics. This should
work because DNS registry services aren't normally run by the spammers
themselves.
The simplest possible check would be on time since domain registration.
One could imagine SPF-compliant MTAs returning "451 Domain too young."
This, unfortunately, is easy to game against. Spammers could register
a rolling queue of throwaway domains and wait to use each one until the
default minimum domain age in sendmail or whatever will have expired.
This would raise their costs somewhat, but probably not by a significant
amount.
So the question is, what *other* data might registrars publish to
facilitate identifying domains that are probably throwaways?
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡