spf-discuss

RE: Some thoughts about spam and SPF

2004-08-25 15:06:53
David Brodbeck wrote:
> AccuSpam wrote:
>> The owner of the domain may have the best information about what
>> this number should be.
>
> I guess I don't understand what I'm supposed to do with that number.
> Say a domain tells me that there's a 30% chance email from a server is
> forged.  Am I supposed to randomly drop 30% of the mail, or what?

Nah.  Create SpamAssassin rules like
SPF_FORGERY_PROBABILITY_UNDER10
SPF_FORGERY_PROBABILITY_10TO40
SPF_FORGERY_PROBABILITY_60TO90
SPF_FORGERY_PROBABILITY_OVER90

that are worth positive or negative points.

Or reject everything with a forgery % over 90%.

Or greylist everything with a forgery % over 51%.  (That is, issue a 400 
response and if they try again later let it in.)

> Besides, how would you generate that number?  I share a mail server with
> a bunch of other Ameritech customers.  I have no idea what the
> probability of one of them forging my domain is.

Assume probability of forgery is 0 unless you have evidence to suggest 
otherwise.  As an ISP, you can create spamtrap addresses at domains that you 
own privately.  Any spam that is forged from your domain is evidence that 
forgery is going on.  Aggregating the sending-mail-server data gives you a good 
idea of how best to construct your SPF record.

Matthew(_dot_)van(_dot_)Eerde(_at_)hbinc(_dot_)com                      
805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
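
The three options listed in the reply above (score by band, reject over 90%, greylist over 51%), combined into one receiver-side policy as an added example that is not part of the original message. It assumes the forgery percentage is already available as a number, that 451 is the temporary-failure code and 550 the rejection code, and that a retry is let in after a hypothetical `retry_delay` of 300 seconds; the band edges are one reading of the rule names.

```python
import time

# Rule names come from the post; the band edges are one reading of those
# names, and the 40-60% range has no rule, as in the post.
RULES = [
    (lambda p: p < 10,        "SPF_FORGERY_PROBABILITY_UNDER10"),
    (lambda p: 10 <= p <= 40, "SPF_FORGERY_PROBABILITY_10TO40"),
    (lambda p: 60 <= p <= 90, "SPF_FORGERY_PROBABILITY_60TO90"),
    (lambda p: p > 90,        "SPF_FORGERY_PROBABILITY_OVER90"),
]

def rule_for(forgery_pct):
    """Return the name of the scoring rule that fires, or None."""
    for matches, name in RULES:
        if matches(forgery_pct):
            return name
    return None

class ForgeryPolicy:
    """Reject over 90%, greylist over 51%, otherwise accept for scoring."""

    def __init__(self, retry_delay=300):
        self.retry_delay = retry_delay   # assumed: seconds before a retry is let in
        self.first_seen = {}             # (client_ip, mail_from, rcpt_to) -> first attempt

    def decide(self, forgery_pct, client_ip, mail_from, rcpt_to, now=None):
        """Return (smtp_code, action) for one delivery attempt."""
        now = time.time() if now is None else now
        if forgery_pct > 90:
            return 550, "reject"
        if forgery_pct > 51:
            key = (client_ip, mail_from.lower(), rcpt_to.lower())
            first = self.first_seen.setdefault(key, now)
            if now - first < self.retry_delay:
                return 451, "greylist"   # temporary failure: sender should retry
        return 250, "accept"

if __name__ == "__main__":
    policy = ForgeryPolicy()
    # Constructed attempts: (forgery %, time in seconds)
    for pct, t in [(5, 0), (70, 0), (70, 60), (70, 400), (95, 0)]:
        code, action = policy.decide(pct, "192.0.2.10", "a@example.com",
                                     "b@example.net", now=t)
        print(pct, t, code, action, rule_for(pct))
```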