spf-discuss

Re: [spf-discuss] Can this really be true?

2005-09-23 20:27:51
The real weakness I see is that large networks don't police
themselves.  In particular, much of the spam getting in here is sent
from MSN or Hotmail via hotmail.com mail relays.  It's all
authenticated mail - not authenticated with SMTP AUTH, but
authenticated nonetheless.

I would argue it is the exact opposite.  Large networks usually have very
tight security policies which wouldn't allow a virus/worm to execute in the
first place.

Those "tight security policies" don't do a thing to prevent spam being
sent from MSN and Hotmail via hotmail.com mail relays.  As an example,
the mail in my mailbox immediately preceding yours was a spam with
envelope from/"Return-Path:", "From:", "X-Originating-Email:", and
"X-Sender:" all being jomicool05(_at_)msn(_dot_)com.  It was received here
from bay5-f4.bay5.hotmail.com [65.54.173.4], so it passed SPF.

MSN put on a header reading "X-Originating-IP: [195.166.237.40]", and
that IP is on the sbl-xbl.spamhaus.org, bl.spamcop.net,
cbl.abuseat.org, and dnsbl.sorbs.net blocklists.  Had the spam been
sent from that IP, my mail system would have rejected it.

So here we have a spammer who can't get his (or her) spam accepted due
to blocklisting getting it through by logging into an MSN account
(i.e., authenticating) and sending it from there, where it not only
can't be blocklisted, but it also passes SPF (and Sender-ID).

Spam sent this way is nearly the only spam I get, and it dominates the
spam reports sent by my users to my spam-reporting address.  They
don't like me just saying there's nothing I can do about it, so now I
also tell them Microsoft authorized it.

              It's your small business networks with high speed internet
connections and some dumb ass giving every user admin rights on their
workstation that causes this problem.  Well, that and home users.

Those small business networks and home users all have upstream ISPs,
and those ISPs should be policing their networks.  In other words, I do
not think those ISPs' "tight security policies" (which I'm unwilling
to grant even exist in many cases) are the end of their obligation to
prevent spam.  I don't tolerate my users spewing spam, whether or not
it's deliberate.

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com 
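
Added example, not part of the original post: a receiver-side check that reads the X-Originating-IP header the relay stamped on the message and tests that address against the four blocklists named above, using the usual DNSBL convention (reversed octets plus zone, a 127.0.0.0/8 answer meaning "listed"). The function names, the sample message and the offline resolver stub are constructed for illustration.

```python
import ipaddress
from email import message_from_string

# DNSBL zones named in the post.
ZONES = ["sbl-xbl.spamhaus.org", "bl.spamcop.net",
         "cbl.abuseat.org", "dnsbl.sorbs.net"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def originating_ip(raw_message):
    """Return the IPv4 address in X-Originating-IP, or None if absent or invalid."""
    value = message_from_string(raw_message).get("X-Originating-IP")
    if value is None:
        return None
    try:
        return ipaddress.IPv4Address(value.strip().strip("[]"))
    except ipaddress.AddressValueError:
        return None

def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def listed_zones(ip, resolve):
    """Zones that answer with a 127.0.0.0/8 address for this IP.
    resolve(name) returns an address string, or None for "no such name"."""
    hits = []
    for zone in ZONES:
        answer = resolve(dnsbl_name(ip, zone))
        if answer and ipaddress.ip_address(answer) in LISTED_NET:
            hits.append(zone)
    return hits

def verdict(raw_message, resolve):
    """Classify a message by the reputation of its stamped origin address."""
    ip = originating_ip(raw_message)
    if ip is None:
        return ("no-origin", [])
    hits = listed_zones(ip, resolve)
    return ("origin-listed" if hits else "origin-clean", hits)

# Constructed sample headers; the two IP addresses are the ones quoted in the post.
SAMPLE = ("Return-Path: <sender@example.com>\n"
          "Received: from bay5-f4.bay5.hotmail.com ([65.54.173.4]) by mx.example.net\n"
          "X-Originating-IP: [195.166.237.40]\n"
          "Subject: constructed sample\n\nbody\n")

def fake_resolve(name):
    # Constructed offline stub standing in for a DNS A lookup.
    return "127.0.0.2" if name.startswith("40.237.166.195.") else None
```

The header is only as trustworthy as the relay that added it, so a check like this applies to mail accepted from a relay known to stamp it.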
