spf-discuss

Re: Attacking the throwaway-domain problem

2003-10-15 19:38:29
In <20031015153237(_dot_)GC14174(_at_)arbat(_dot_)com> Erik Corry 
<erik(_at_)arbat(_dot_)com> writes:

> On Wed, Oct 15, 2003 at 10:13:21AM -0500, wayne wrote:
>
> > The techniques that spammers can easily use to get around graylisting are
> > stopped by SPF
>
> Please explain.


Graylists require the same tuple of (sending IP address, from email address,
to email address) to remain constant.  All a spammer needs to do to
get past a graylist is to make sure they use the same open proxy and
forged from email address to send to the same victim every time.  This
is really not a heck of a lot of extra bookkeeping, you can often get
by with just using the same random number seeds.

SPF restricts which IP address you can use with a given from address,
so the spammers are forced to either use a domain name that doesn't
use SPF, or to use their own domain.  However, if they use the same
domain name all the time, they will get burned by RHSBLs.  If they use
throwaway domains to avoid RHSBLs and SPF, they get burned by
graylisting. 


-wayne

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
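
The layering described in the message above, as an added example that is not part of the original post or of any SPF implementation: a greylist keyed on the (IP, from, to) tuple, with an SPF check and an RHSBL lookup in front of it. The SPF table, the RHSBL set, the 300-second delay and all addresses are constructed; SPF is modelled as a simple lookup table rather than real DNS evaluation.

```python
import ipaddress

# Constructed sample data (assumptions, not from the original post).
SPF = {"example.org": ["192.0.2.0/28"]}   # domain -> networks allowed to send
RHSBL = {"burned.example"}                # sender domains already blocklisted

class Greylist:
    # Defers the first attempt for each (ip, from, to) tuple.
    def __init__(self, min_delay=300):    # assumed retry delay in seconds
        self.min_delay = min_delay
        self.first_seen = {}

    def check(self, ip, mail_from, rcpt_to, now):
        key = (ip, mail_from.lower(), rcpt_to.lower())
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.min_delay else "defer"

def spf_permits(domain, ip):
    # True/False when the domain publishes a policy, None when it does not.
    nets = SPF.get(domain)
    if nets is None:
        return None
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in nets)

def evaluate(greylist, ip, mail_from, rcpt_to, now):
    # Apply the three layers in order: SPF, RHSBL, greylist.
    domain = mail_from.rsplit("@", 1)[-1].lower()
    if spf_permits(domain, ip) is False:
        return "reject-spf"
    if domain in RHSBL:
        return "reject-rhsbl"
    return greylist.check(ip, mail_from, rcpt_to, now)

def demo():
    g = Greylist()
    proxy, rcpt = "198.51.100.7", "user@example.net"
    return {
        # Greylist alone: an identical tuple replayed after the delay passes.
        "replayed_tuple": [g.check(proxy, "a@example.org", rcpt, 0),
                           g.check(proxy, "a@example.org", rcpt, 600)],
        # With SPF in front, the forged sender from an unlisted IP is rejected.
        "forged_spf_domain": evaluate(g, proxy, "a@example.org", rcpt, 600),
        # A sender domain that is reused ends up on an RHSBL.
        "reused_domain": evaluate(g, proxy, "x@burned.example", rcpt, 600),
        # A new throwaway domain per attempt never matches an earlier tuple.
        "throwaway_domains": [evaluate(g, proxy, f"x@t{i}.example", rcpt, 600 * i)
                              for i in range(3)],
    }
```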