As I see it, here is one large problem with the "throw away" domains & SPF.... wildcard DNS... Couldn't you protect against this by testing a "random" record for validity?

If the
    spammerIP.in-addr._smtp_client.example.com
address comes back as "SPF=allow"
Then do a random
    randomjunk.in-addr._smtp_client.example.com
If that also comes back as "SPF=allow" then you know you cannot trust this DNS record for SPF proper authentication. This doesn't necessarily mean they are a spammer, but it does mean that you cannot easily rely on the SPF to be valid.

This would stop the little mom&pop shops from opening their SPF up to everyone. Granted this won't stop the "throw away", but it will make it that much harder to configure a DNS for massive spam blasts from multiple locations.

Basically, as I see it, SPF can have 3 results.
1) Not authenticated
2) Partially authenticated (they used a "SPF=allow" wildcard)
3) Authenticated, and no "SPF=allow" wildcarding on the DNS was found

----- Original Message -----
From: "Erik Corry" <erik(_at_)arbat(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Wednesday, October 15, 2003 8:49 AM
Subject: Re: [spf-discuss] Attacking the throwaway-domain problem
Hi,
I thought I could provide a useful way of looking at what
SPF is proposing to do and how, but it seems that you
object to my use of words.
On Wed, Oct 15, 2003 at 09:19:27AM -0500, wayne wrote:
How and whether the IP address is authenticated is beyond the scope of
^^^^^^^
the SPF proposal.
This discussion of nomenclature isn't getting us anywhere, but
I'll point out that without any IP address authentication SPF
would be quite useless.
* Forwarding service sends out spam:
Again, who is to blame?
Unless the forwarding service also provide spam filtering, I don't see
why they would even be thought about.
Because you can't tell whether they are a good-faith forwarder,
a sloppy forwarder or a spammer masquerading as a forwarder.
The problem with SPF is that it doesn't provide the middle man
anything he can show to the next step in the chain that proves
that he (the middle man) made a real attempt to verify the origin
of the mail.
Domains can be created out of thin air for pocket change,
esp. if you allow 3rd level domains to publish their own SPF data.
Use graylisting.
We can do that now. SPF may make it marginally more useful.
With pressure applied to the registrars it could be considerably
more useful.
At any rate SPF can be implemented right now and we can worry
about the other stuff later. I predict that the registrars will
come under pressure to provide information about the people
behind the domains once SPF has made the domain responsible
for spam (somewhat) verifiable.
--
Erik Corry erik(_at_)arbat(_dot_)com
A: Because it messes up the order in which people normally read text.
Q: Why is top-replying such a bad thing?
A: Top-replying.
Q: What is the most annoying thing in email?
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname(_at_)
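
The wildcard probe proposed in the reply at the top of this thread, written out as an added example (it is not code from the thread or from any SPF implementation). The name layout and the "SPF=allow" value are taken from the post; the reversed-octet encoding of the client IP, the function names, and the in-memory resolver with its constructed zones are assumptions made so the check runs offline.

```python
import secrets

ALLOW = "SPF=allow"  # record value as written in the post

# Constructed sample zones (not real data). "*" is a DNS wildcard label.
ZONES = {
    "4.3.2.1.in-addr._smtp_client.strict.example": ALLOW,
    "*.in-addr._smtp_client.open.example": ALLOW,
}

def lookup(name, zones=ZONES):
    """Hypothetical offline resolver: exact match, then nearest wildcard above.
    Simplified; real DNS wildcard synthesis has extra closest-encloser rules."""
    if name in zones:
        return zones[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        hit = zones.get("*." + ".".join(labels[i:]))
        if hit is not None:
            return hit
    return None

def client_name(ip, domain):
    # Assumption: octets reversed as in in-addr.arpa; the post does not say.
    return ".".join(reversed(ip.split("."))) + ".in-addr._smtp_client." + domain

def classify(ip, domain, resolve=lookup, probes=2):
    """Return one of the three results listed in the post."""
    if resolve(client_name(ip, domain)) != ALLOW:
        return "not authenticated"
    for _ in range(probes):
        # Random non-numeric label: can never be a legitimate client address.
        junk = "x" + secrets.token_hex(8)
        if resolve(f"{junk}.in-addr._smtp_client.{domain}") == ALLOW:
            return "partially authenticated"  # junk name allowed => wildcard
    return "authenticated"

if __name__ == "__main__":
    for ip, dom in [("1.2.3.4", "strict.example"), ("1.2.3.4", "open.example"),
                    ("9.9.9.9", "strict.example")]:
        print(ip, dom, "->", classify(ip, dom))
```

Passing a function that performs real TXT lookups as `resolve` runs the same classification against live DNS.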