On Tue, 2004-08-17 at 07:01, guy wrote:
Why can’t a spammer create many domains, and use an SPF record like
this: “v=spf1 +all”.
Now any hijacked system can send email, but they must use a real
domain owned by the spammer.
Even if we disallow such a record,
Wide-ranging SPF records can easily be disguised by anyone that wanted
to (e.g. a spammer) so there's really little point trying to detect
them.
the spammer’s hijacking software could send the IP address to someone
or something that would update the SPF record with the IP address of
the hijacked system(s). The hijacking software will monitor the DNS
records until the IP address is listed then start to send SPAM.
On its own, SPF will not stop spam (note it's "spam", not "SPAM" - see
http://www.spam.com/ci/ci_in.htm). SPF is an anti-forgery technology,
not an anti-spam technology. It just happens that most domain forgery
currently comes in the form of spam and viruses.
This is why there has been much discussion of reputation services
recently, which will allow domain names to be scored, so that domains
with reputations for sending non-spam mail can be distinguished from
those that don't.
Paul.
--
Paul Howarth <paul(_at_)city-fan(_dot_)org>