spf-discuss

Re: Re: HELO versus MAILFROM results

2005-05-06 06:28:57

----- Original Message -----
From: "Radu Hociung" <radu(_dot_)spf(_at_)ohmi(_dot_)org>

That's why random@yahoo.com is used so much for spam. A lot of sites
receive genuine email from yahoo.com users, so naturally they give
yahoo.com mail a slightly better score than to other random addresses.
Same scenario with hotmail, but their SPF policy is probably starting to
eat into the spammer's successful delivery statistics.

So a spammer will try to use as real a MAIL-FROM domain as possible.

and one that is *not* SPF ready.

I have shown before in the closed-loop reputation establishing
algorithm based on SPF results that "none" results will eventually get a
very unfavourable spam score, so essentially they will spell "spam".
Most everyone then will avoid sending mail from domains which are not
SPF enabled. Including spammers. The chances of any mail from a non-SPF
domain will be slim to none, which is not what spammers are looking for.

I agree. The Smart Spammer will best not adjust and avoid SPF altogether.
But isn't this attempt to avoid a trap a trap within itself? Isn't this
avoidance a good thing? The SPF-tightened system will undoubtedly become more
SMTP compliant and expect it as well at a minimum for backward
compatibility. So the days for an invalid HELO are over which is a GOOD
thing!

With a "verified HELO" (= permitted IP) you can do some really
interesting stuff like your forwardmaster-plan or op=trusted.

Your point is only valid when the spammer does not use SPF.

If I have an SPF client domain policy,  and a SPF server is going to check
HELO, how is the spammer going to spoof my domain?

It can't.

Again, the problem with ALL enhanced Email/Domain
Authentication/Authorization is the biggest loophole of not using it at all.

SMTP must still be backward compatible. So the SPAMMER's best weapon against
all these ideas is to avoid these altogether.

----
Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
http://www.winserver.com/wcsap (Wildcat! Sender Authentication Protocol)
http://www.winserver.com/spamstats  (WcSAP Anti-Spam Stats)
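
Added example, not part of the original message or of any poster's software: a receiver-side sketch that evaluates the HELO and MAIL FROM identities separately, showing the two cases argued above (a forged HELO for an SPF-publishing domain yields "fail", while a sender domain with no policy yields "none"). The records, domains and addresses are constructed documentation values, the dictionary stands in for DNS TXT lookups, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed sample policies standing in for DNS TXT lookups (documentation
# domains and address ranges; assumptions, not taken from the thread).
SPF_RECORDS = {
    "mail.example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, records=SPF_RECORDS):
    """Evaluate a subset of SPF (ip4, ip6 and all mechanisms only)."""
    record = records.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no policy
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # Membership is False when address and network families differ.
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism outside this sketch's subset
    return "neutral"  # no mechanism matched and no "all" term


def evaluate_session(client_ip, helo, mail_from):
    """Return the SPF result for each identity of one SMTP session."""
    # A null sender ("") has no domain, so the HELO name is checked instead.
    sender_domain = mail_from.rpartition("@")[2] or helo
    return {
        "helo": check_host(client_ip, helo),
        "mailfrom": check_host(client_ip, sender_domain),
    }
```

A receiver that scores only the MAIL FROM result sees nothing but "none" for the second case; checking HELO as well is what exposes the forged name.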