----- Original Message -----
From: "David Woodhouse" <dwmw2(_at_)infradead(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, March 12, 2004 3:38 AM
Subject: Re: [spf-discuss] Latest proposal re HELO checking: make HELO tests
optional
On the other hand, I half suspect that those who can't be bothered to
fix their mailers to reject mail at SMTP time are _also_ unlikely to
bother to watch their mail queue or logs. We'd cause the offending MTA
to keep retrying for a few days and then the mail would bounce anyway,
and a lot of the owners of these machines wouldn't even notice the
difference. I would though, in my own logs. It'd probably annoy me more
than it'd annoy the offenders :)
Until there is a complaint, in a completely automated environment most
sysops will not notice the difference. Most of our bounce activity comes
from our supporting mailing list with dead addresses over time.
These days, I am spending more time viewing the logs simply because of the
anti-spam research and work I am doing. looking for false positives,
negatives and even the true positives and negatives. We have such a high
rate of rejection, it is completely unbelievable that there is very little
false negatives! We still get alot of false positives (spoofers still get
in, and will continue with SPF) but they are usually filtered at the DATA
stage with the mail filter. Very little gets in. This entire week I
personally got 1 spam. But with all out beta/gamma testers out there,
they are all completely astonished on high of a success rate that at
"protocol level" logic can reduce the spoofing by nearly 80%.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com