spf-discuss

Re: first spf-enabled spam

2004-04-13 11:04:28
Again I think this is a case of looking at the problem backwards:

David Woodhouse wrote:

> Not really. SPF makes the first guess of the naïve user correct, perhaps
> -- but it's not really very hard to tell where a mail came from by
> looking at the Received: headers, without SPF.
>
> If it's an SPF pass, it saves you the trouble of looking up the IP
> address in ARIN/RIPE/etc. That's all. AFAICT that's the only real
> benefit we gain when the dust settles, after all the breakage which SPF
> causes.

As someone who runs a couple of mailservers (which I'm sure makes me
an average subscriber to this list), receiving a mail with an SPF pass
lets me relax my spam checking, reducing the chance I'll get a false
positive. It _cannot_ guarantee that the e-mail is not spam, just that
it is more likely to be real.
Domains that are consistent spam sources can be blackholed _by_domain_,
which prevents us having to take valid businesses offline to protect
our users, and we can use some sort of "domain aging" to reduce the
strength of passes from new domains to prevent spammers from gaining
advantage from using throwaway domains to get bogus passes past us.

Question: how can we _quickly_ determine the age of a domain for
purposes of domain aging?  I see this as a potential problem.

--
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        (952)941-6580x203
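The receiver-side policy described in this message (relax filtering on an SPF pass, blackhole by domain, weaken passes from new domains), sketched as an added example that is not part of the original post. The thresholds, the 90-day ramp, the sample domains and the use of a locally recorded first-seen date as a stand-in for domain age are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample data and tuning values (assumptions, not from the post).
BLOCKED_DOMAINS = {"bulk-offers.example"}      # consistent spam sources
FIRST_SEEN = {                                 # domain -> first mail seen locally
    "established.example": date(2003, 1, 10),
    "fresh.example": date(2004, 4, 10),
}
BASE_THRESHOLD = 5.0     # spam score at which mail is rejected by the filter
MAX_RELAX = 2.0          # most a fully aged SPF pass may raise that threshold
FULL_TRUST_DAYS = 90     # days until a pass counts at full strength


def pass_strength(domain, today):
    """Weight in [0.0, 1.0] for an SPF pass, rising linearly with domain age.

    Age is measured from the first time this server saw the domain, which
    needs no registry lookup; a domain never seen before starts at zero.
    """
    first = FIRST_SEEN.setdefault(domain, today)
    age_days = (today - first).days
    return max(0.0, min(1.0, age_days / FULL_TRUST_DAYS))


def evaluate(spf_result, domain, today):
    """Return (action, spam_threshold) for one message."""
    domain = domain.lower().rstrip(".")
    if spf_result != "pass":
        # Sender domain is unauthenticated: no relaxation, and no
        # by-domain penalty either, since the name may be forged.
        return ("filter", BASE_THRESHOLD)
    if domain in BLOCKED_DOMAINS:
        # Authenticated mail from a known spam domain: blackhole by domain.
        return ("reject", None)
    relaxed = BASE_THRESHOLD + MAX_RELAX * pass_strength(domain, today)
    return ("filter", relaxed)


if __name__ == "__main__":
    today = date(2004, 4, 13)
    for result, dom in [("pass", "established.example"),
                        ("pass", "fresh.example"),
                        ("pass", "never-seen.example"),
                        ("pass", "bulk-offers.example"),
                        ("fail", "established.example")]:
        print(result, dom, evaluate(result, dom, today))
```

A throwaway domain gets a pass but almost no relaxation, while the blocklist only acts on authenticated mail.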