[Mark Shewmaker]
[...]
Those spammy users sending mail from your domain really are those spammy
users they claim to be. Making your SPF record say otherwise means
you're misrepresenting their claims of authenticity.
It's sort of like seeing a mugger who approaches someone and says:
"Hello there, I'm Bob, and I'm going to rob you now", at which point
someone else runs up and shouts: "Watch out! He's not really Bob!"
Okey. Here is an example.
I'm working at AOL (just for an example - not in reality ;-)
We have
"v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 i
p4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23
ip4:64.12.138.0/24 p
tr:mx.aol.com ?all"
And one of our users start to send mass spam pretending to be
Bob(_at_)Aol(_dot_)Com
while he is not Bob.
SPF validation will pass - as his IP valid source of emails from
<anybody>@Aol.Com.
I would like to prevent this and mark select IPs with high spam rating as
source of forged emails from Aol.Com domain.
Instead of each ISP use own reputation system - we will use single system -
but use different threshold to threat our user spammer.
Anyway, I agree that my proposal do not solve Spam problem ;-) Just like any
other proposal.
But it can be a part of complete solution.
As for specs - I have no problems to implement own:
"greater:${l}.bl.spamcop.net,1200" extension.
Thanks,
--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua