spf-discuss
[Top] [All Lists]

Re: first spf-enabled spam

2004-04-13 11:19:29
On Tue, Apr 13, 2004 at 01:04:28PM -0500, Daniel Taylor wrote:
Domains that are consistent spam sources can be blackholed _by_domain_,
which prevents us having to take valid businesses offline to protect
our users, and we can use some sort of "domain aging" to reduce the
strength of passes from new domains to prevent spammers from gaining
advantage from using throwaway domains to get bogus passes past us.

Question: how can we _quickly_ determine the age of a domain for
purposes of domain aging?  I see this as a potential problem.

What will happen is that we'll have to block based on the IP addresses of the
nameservers - ie. any domain registered to any nameserver in SPEWS-listed space
is automatically suspect.  This technique worked well back in the Cyberpromo
days.  Of course, then, the next round of viruses will turn the target systems
into DNS servers ...  and then we'll escalate yet again.

-- 
"None are more hopelessly enslaved than those who falsely believe they are
free." -- Johann W. Von Goethe