spf-discuss
[Top] [All Lists]

Re: Attacking the throwaway-domain problem

2003-10-15 08:54:12
On Wed, Oct 15, 2003 at 05:27:31PM +0200, Erik Corry wrote:
On Wed, Oct 15, 2003 at 09:16:23AM -0600, Jason wrote:
[testing a random IP for SPF-permission]
will make it that much harder to configure a DNS for massive
spam blasts from multiple locations.

I think this would take the spammers about 5 minutes to get around.
They know which IP addresses they want to use, so they can put them
in the DNS with no trouble at all.


But does it really matter ?

Two crucial points about spam are :
- it works, because sending bulk emails is very cheap. Each step
  making it more complicated, thus costlier, will make it less
  appealing.
- in order for them to send cheaply, spammers have to obfuscate
  themselves, and/or make unauthorized use of hijacked
  computers. Anything that would make them less anonymous, thus
  prosecutable in more countries every day, would severly handicap
  them. SPF is about that.

SPF is not the holy grail of anti-spam. At some point, you still have
to rely on some heuristics or black list, just like if you wanted to
auto-sort your snail mail.

The main thing about spam/viruses, IMHO, is to take steps in order
that it doesn't eats hundred of MBits on backbones, and thus,
overwhelms mailservers. SPF is nice because it will let us block the
mail at the SMTP level, before content transmission.

Right now, about 1% of the mails that reach my mailbox are
legitimate. Yes, that's 99% spam/viruses. Hopefully spamassassin
filters most of it. When you have hundred, thousands or even more
users, bandwidth and hardware (spamassassin is a resource hog) get
costly. A 90% reduction of spam would make a big change on these
costs. But it will still be 1 valid email for 9 spams, and I'm not
ready to give up spamassassin.

-- 
Nicolas Bougues
Axialys Interactive

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡