Hi all.

I'm chiming back in to report that the amazing results I've
obtained with minor modifications to the perl reference
implementation of SPF have continued. The details of my setup
are found in the June and July NG archives.

The original setup described earlier was letting about one spam
in 800 (my weekly spam load) past the filter.

The few that escaped had a tendency to be from slower-moving
spammers who have their own domains and aren't using the
advanced technique of rapid zombie-bot relay rotation. It
seemed to me that SpamCop would have most of these spammers
listed as they present a relatively static target for the DNSBL.
So I added SpamCop DNSBL to the 'sendmail' configuration
along with the 'spf-milter' script.

The results are fantastic. The last spam I received was on July
30th--the day I added the DNSBL. 19 days of zero spam. The
reject rate dropped slightly from 850 per week to 650 per week.
This could be the result of spammers washing my domains out of
their lists due to the SPF bounces, or perhaps August is just a
slow month. The rate seems to have picked back up this week.

I figure I'm good for six to eight months, maybe a year. By then
SPF/SenderID will be starting to inflict real damage to
spammers and they will start using throw-away domains. However
this is easy to fix. All one needs to do is download one of the
several 'whois' modules off of CPAN and start checking domains
that pass SPF.

I figure that I'll reject all e-mail from domains less than one
year old since throwaway domains are never registered for more
than the minimum. All mail from Godaddy domains (including
domainsbyproxy.com) will automatically get the boot. I'm sure a
few other idiot registrars will make the registrar block-list.
Private registrations at Network Solutions and other more
respectable registrars will be rejected. It's just a few lines
of perl--not hard at all. I'll put in a post-SPF domain
whitelist since 'access.db' seems to run before 'spf-milter'.
Or perhaps the "delay_checks" sendmail option will do the trick.
I'll figure it out when I get there.

And to those who were nagging about false positives, let me say:
who cares! I've gotten one so far that I know of. My cousin
changed her e-mail address and the new one at Road Runner failed
the default rule. She called me on the phone (how about that?)
and I whitelisted her new address. Relative to the
quality-of-life improvement that receiving no spam represents,
this was a trivial and totally acceptable glitch.

David
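
The post-SPF registration checks planned in the message above (minimum domain age, registrar block-list, private-registration rejection, whitelist first), sketched as an added example; this is not the poster's code or part of 'spf-milter'. It assumes the WHOIS text has already been fetched by some other means, and the field labels, registrar patterns, fail-closed choice and sample records are constructed assumptions.

```perl
# Added example: post-SPF registration policy applied to raw WHOIS text.
# Field labels, patterns and sample records are constructed assumptions.
use strict; use warnings;
use Time::Local qw(timegm);

my $MIN_AGE_DAYS   = 365;                                   # "less than one year old"
my @BAD_REGISTRARS = (qr/godaddy/i, qr/domainsbyproxy/i);   # registrar block-list
my $PRIVACY_RE     = qr/domainsbyproxy|private\s+registra|whois\s+privacy/i;
my %WHITELIST      = map { $_ => 1 } ('friend.example');    # post-SPF whitelist

# Extract registrar, creation time (epoch seconds) and a privacy flag.
sub parse_whois {
    my ($text) = @_;
    my %rec = (private => ($text =~ $PRIVACY_RE ? 1 : 0));
    ($rec{registrar}) = $text =~ /^[ \t]*Registrar:[ \t]*(.+?)[ \t]*$/mi;
    if ($text =~ /^[ \t]*Creat(?:ion Date|ed(?: On)?):[ \t]*(\d{4})-(\d\d)-(\d\d)/mi) {
        $rec{created} = eval { timegm(0, 0, 0, $3, $2 - 1, $1) };  # undef if invalid
    }
    return \%rec;
}

# Return (verdict, reason) for a sender domain that has already passed SPF.
sub check_domain {
    my ($domain, $whois_text, $now) = @_;
    return ('accept', 'whitelisted') if $WHITELIST{lc $domain};
    my $rec = parse_whois($whois_text);
    # Assumption: fail closed when WHOIS cannot be parsed (a milter could tempfail).
    return ('reject', 'no creation date in WHOIS') unless defined $rec->{created};
    my $age = int(($now - $rec->{created}) / 86400);
    return ('reject', "domain is $age days old") if $age < $MIN_AGE_DAYS;
    my $registrar = $rec->{registrar} // '';
    for my $re (@BAD_REGISTRARS) {
        return ('reject', "registrar '$registrar' is block-listed") if $registrar =~ $re;
    }
    return ('reject', 'private registration') if $rec->{private};
    return ('accept', 'registration looks established');
}

my $now = timegm(0, 0, 0, 19, 7, 2004);   # fixed "today" so the run is repeatable
my %samples = (                            # constructed WHOIS excerpts
    'throwaway.example'   => "Registrar: Example Registrar Inc\nCreation Date: 2004-06-01\n",
    'old-gd.example'      => "Registrar: GoDaddy Software, Inc.\nCreated On: 1999-02-10\n",
    'hidden.example'      => "Registrar: Example Registrar Inc\nCreation Date: 2001-05-05\nRegistrant: Private Registration\n",
    'friend.example'      => "Registrar: Example Registrar Inc\nCreation Date: 2004-07-01\n",
    'established.example' => "Registrar: Example Registrar Inc\nCreation Date: 1998-11-30\n",
);
for my $d (sort keys %samples) {
    my ($verdict, $why) = check_domain($d, $samples{$d}, $now);
    printf "%-22s %-6s %s\n", $d, $verdict, $why;
}
```

Real WHOIS output varies by registry, so the two regular expressions in `parse_whois` are the part that needs adapting; the whitelist check runs first so a known correspondent on a new domain is never rejected by the age rule.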