On Fri, 10 Sep 2004, John Keown wrote:
If I define spam as commercial email then 90% of the spf pass are spam.
This is great, because now those domains can be safely blacklisted without
worrying about whether a decent company is being joe jobbed.
Would you like my blacklist? I use a DNS based blacklist which is shared
among all our customers (about 40 email domains). Here are the first few lines
of our blacklist, showing new domains added today. I am not sure our server
is up to a DOS attack, so I have altered the blacklist domain. I posted
rhsbl.m4 previously for use with sendmail to consult the blacklist
at MAIL FROM time.
Sharing the blacklist is a big help, but automating the blacklisting
via reputation tracking is the next tool. I am on the GOSSiP mailing list
and hope to build a Python implementation.
$TTL 4H
; www.netsol.com expires 12-May-2006
@ IN SOA ns.example.com. hostadmin.example.com. (
2004090700 ; serial
3600 ; refresh
900 ; retry
1209600 ; expire
43200 ; default_ttl
)
@ IN NS ns.example.com.
*.supplyleadd.com IN A 127.0.0.2; 2004-09-10
*.startlingnews.com IN A 127.0.0.2; 2004-09-10
*.m3flyingoffer4u.com IN A 127.0.0.2; 2004-09-10
trankly.com IN A 127.0.0.2; 2004-09-10
dtgnmail5.com IN A 127.0.0.2; 2004-09-10
spectacularplanet.com IN A 127.0.0.2; 2004-09-10
greenlightoffers.com IN A 127.0.0.2; 2004-09-09
*.beerbellybargainb.com IN A 127.0.0.2; 2004-09-09
...
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.