David Brodbeck wrote:
AccuSpam wrote:
The owner of the domain, may have the best information about what
this number should be.
I guess I don't understand what I'm supposed to do with that number.
Say a domain tells me that there's a 30% chance email from a server is
forged. Am I supposed to randomly drop 30% of the mail, or what?
Nah. Create SpamAssassin rules like
SPF_FORGERY_PROBABILITY_UNDER10
SPF_FORGERY_PROBABILITY_10TO40
SPF_FORGERY_PROBABILITY_60TO90
SPF_FORGERY_PROBABILITY_OVER90
that are worth positive or negative points.
Or reject everything with a forgery % over 90%.
Or greylist everything with a forgery % over 51%. (That is, issue a 400
response and if they try again later let it in.)
Besides, how would you generate that number? I share a mail server with
a bunch of other Ameritech customers. I have no idea what the
probability of one of them forging my domain is.
Assume probability of forgery is 0 unless you have evidence to suggest
otherwise. As an ISP, you can create spamtrap addresses at domains that you
own privately. Any spam that is forged from your domain is evidence that
forgery is going on. Aggregating the sending-mail-server data gives you a good
idea of how best to construct your SPF record.
Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com
805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"