At Tue Jul 06 2004 - 12:44:25 EDT Jonathan Gardner wrote:
> Reducing spam and blocking spam are two different things. SPF
> only blocks one kind of spam: spam with forged headers. What
> David discovered, if I understand correctly, is that most (like
> 99.99%) of all spam is forged, and so by applying his SPF rules,
> he has eliminated almost all of his spam. I too would like to
> know how many legitimate emails he has blocked.
Jonathan,
I have a zero false-positive rate resulting from my creating
whitelist entries for non-compliant correspondents. This would
be hard to reproduce for a large number of users at present.
Wide adoption of SPF will be necessary first. However the SPF
filtering modifications I made can be tuned, possibly on a
per-user basis, to obtain partial results. I wrote this up in a
follow-up that didn't attach to the original thread properly:
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200407/0066.html
In a harbinger of things to come, I've had one source of spam
sneak through the original setup. A SPF compliant spammer
running off servers at swiftco.net got through. This miscreant
buys domains from domainsbyproxy.com (asdfasdfasd.us,
we-help-u.biz). I complained to swiftco and domainsbyproxy.com
with a CC to spam(_at_)uce(_dot_)gov. No reply from domainsbyproxy, and
swiftco forwarded my complaint to the spammer who came back with
a rant.
So I have now blocked all swiftco.net IP addresses per the ARIN
database (they seem to mainly host pornographers--no great
loss), and the throwaway domains that this spammer has.
Stopped this one anyway.
I suspect that in a few months' time I will be modifying my
'spf-milter' variant to do a 'whois' lookup for every e-mail's
domain. Any e-mail that comes from a domain registered with
domainsbyproxy.com will be automatically rejected. Probably a
few more idiot registrars will eventually make the list too.
Any e-mail from a domain that is less than six months old will
likely get the ax as well.
It's really nice to finally be able to do something about these
clowns. The 'whois' registrar-based blocking should be a pretty
decent approach until good quality RHSBLs start to emerge. The
main difference is that a RHSBL will be able to create a more
nuanced domain blocking scheme than I can afford to create
myself. I'm hoping SpamCop will add a RHSBL. The original
SpamCop approach back in 1998/9 was essentially a RHSBL. They had
to switch to IP-based filtering because AOL and other large ISPs
were havens for spammers at the time. A new SpamCop RHSBL would
probably be a supplement to the DNSBL and would list only
garbage domains.
Regards,
David
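
Added example, not part of the original post and not code from spf-milter: a sketch of the WHOIS-based policy described above (whitelist override, registrar blocklist, minimum domain age). The function names, the WHOIS field patterns, the 182-day threshold and the sample WHOIS replies are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# WHOIS labels vary by registry; these patterns are assumed common layouts.
REGISTRAR_RE = re.compile(
    r"^[ \t]*(?:Sponsoring )?Registrar:[ \t]*(.+?)[ \t]*$", re.I | re.M)
CREATED_RE = re.compile(
    r"^[ \t]*(?:Creation Date|Created On|created):[ \t]*(\S+)", re.I | re.M)
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d")

def parse_whois(text):
    """Return (registrar, creation datetime); either is None if not found."""
    reg = REGISTRAR_RE.search(text)
    created = None
    match = CREATED_RE.search(text)
    for fmt in DATE_FORMATS if match else ():
        try:
            created = datetime.strptime(match.group(1), fmt)
            break
        except ValueError:
            continue
    return (reg.group(1) if reg else None), created

def verdict(domain, whois_text, now, blocked_registrars, whitelist=(),
            min_age=timedelta(days=182)):  # 182 days stands in for "six months"
    """Whitelist first, then registrar match, then minimum domain age."""
    if domain.lower() in whitelist:
        return "accept", "whitelisted"
    registrar, created = parse_whois(whois_text)
    if registrar and any(b in registrar.lower() for b in blocked_registrars):
        return "reject", "blocked registrar: " + registrar
    if created is None:
        # Missing or unparseable date: accept rather than reject on no evidence.
        return "accept", "no creation date found"
    age = now - created
    if age < min_age:
        return "reject", "domain is %d days old" % age.days
    return "accept", "passed registrar and age checks"

# Constructed WHOIS replies for illustration (not real registry output).
SAMPLE_NEW = ("Domain Name: THROWAWAY.EXAMPLE\n"
              "Sponsoring Registrar: Good Registrar Inc.\n"
              "Creation Date: 2004-05-20T10:00:00Z\n")
SAMPLE_PROXY = ("Domain Name: HIDDEN.EXAMPLE\n"
                "Registrar: Example Proxy Registrar LLC\n"
                "Created On: 2001-01-15\n")
BLOCKED = ("example proxy registrar",)  # lowercase substrings, hypothetical
for name, text in (("throwaway.example", SAMPLE_NEW), ("hidden.example", SAMPLE_PROXY)):
    print(name, verdict(name, text, datetime(2004, 7, 6), BLOCKED))
```

The whitelist is checked before any WHOIS data is consulted, matching the post's use of whitelist entries to keep false positives at zero, and a reply with no parseable creation date is accepted rather than rejected.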