-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 10 September 2004 11:12 am, John Keown wrote:
I have been mirroring spf pass on my mail server. To my disappointment
90% of all email passing SPF are from email marketers better know as
spammers. The other 10% is mostly from aol.
I may decide to filter on passing spf as opposed to accepting spf.
Since you know that the domains that have passed claim responsibility for
the spam, why don't you do the following things:
(1) Mark those domains as spam, and reject messages from them at the MAIL
FROM stage. That way, you are saving bandwidth to your email servers. You
don't even have to do an SPF check anymore for those domains. Either the
email from the domain will be legit or not. If it isn't legit, you don't
want it. If it is legit, you still don't want it.
(2) Report those domains to your friends or others as spammy domains so that
others reject them as well. Eventually, nobody will receive email from
those domains.
(3) Find out if the registrars for those domains are connected. If you find
some registrars that consistently register domain that send spam, and don't
register domains that don't send spam, then start scoring all domains from
that registrar negatively. Or, you can refuse to receive email from domains
registered by that registrar. Report scores for registrars to your friends.
Eventually, spammy registrars will not be acceptable.
(4) Contact the administrators of those domains to tell them to stop
spamming you. They claimed that email as theirs, so they are responsible
for it. Contact the registrar and tell them to cancel the domain or to stop
registering spammy domains.
(5) Contact the authorities if any laws are broken and report the
administrators of the domain. Report the registrars if they accepted
fraudelent information.
(6) File a civil suit against the domain administrators if you feel you have
a case. File a civil suit against the registrars if the information for the
domain is inaccurate.
- --
Jonathan M. Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBQgpMBFeYcclU5Q0RAvM1AJ42A8v4ssFkDmLgU0GGZlm5N+mp/wCbB99f
P0WkARHkqSkbVmcFgVaDydU=
=nqn6
-----END PGP SIGNATURE-----