Dr. Ernst Molitor [molitor(_at_)uni-bonn(_dot_)de] wrote:
On Mon, 2004-01-12 at 14:06, R. Scott Perry wrote:
Julian Mehnle wrote:
Assuming about one of a thousand mail addresses in a spammer's
address list is a spam trap, a spammer may be able to send one or
two thousand spams (but certainly not billions!) using his newly
acquired domain before the domain gets blacklisted.
That is a very, very important point that I hadn't seen come up
before. That helps a *lot* with the "But spammers will just publish
their own SPF records" argument.
please be serious. If a single vote saying a spam trap has been hit
would be sufficient to block an e-mail server, this would open up a
simple way to shut down virtually all e-mail traffic within minutes. You
wouldn't want that kind of DOS attack, would you?
I *am* serious. Don't confuse "spam trap" with "manually classified and
reported spam". A spam trap is a mail address that no human being should ever
be sending mail to[1]. Of course, the *ratio* of spam tram mail vs.
legitimate mail that has come from a given sender entity (be it an IP address
or an SPF-protected domain) should be considered before blacklisting it.
But for a spammer it will be immensely difficult to register a new domain, and
then sending significant amounts of *legitimate* mail from it (totally avoiding
spam traps) before starting to send the real spam.
[1] Spam trap addresses only get collected by mail address harvesters, i.e. web
spiders that search web pages for mail addresses.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)���v¼����ߴ��1I�-�Fqx(_dot_)com