...... Original Message .......
On Mon, 16 May 2005 15:09:15 -0400 (EDT) "Stuart D. Gathman"
<stuart(_at_)bmsi(_dot_)com> wrote:
We (and our customers) have been bombarded by a boatload of German spam.
One characteristic of this spam is that the (forged) MAIL FROM is always a
domain with an SPF record that returns NEUTRAL for the zombies IP. It is
as if the zombie program screens potential forged MAIL FROMs to ensure
that they have an SPF record and won't get a FAIL.
I already reject NEUTRAL for commonly forged domains (e.g. aol.com), but
this new attack may lead to rejecting NEUTRAL results across the board.
Comments? (Other than noting that the draft RFC says NEUTRAL MUST BE
treated the same as NONE. My MTA, my rules.)
Well do that and people like me who are tied to shared MTAs that do not
prevent cross-customer forgery are pretty well screwed. We either get it
coming or going.
Scott K