On Tue, 18 Oct 2005, Herb Martin wrote:
The obvious weak point of this system is zombies. Should any
of the whitelisted senders contract a zombie, it would be
possible for the zombie to crank out spam - and poison the
Dspam dictionary in the process. So far, this is not a
problem in practice because most zombies forge the sender
(and hence don't pass SPF). I'm not sure what the next step
is when zombie writers start using senders filched from the
local machine that get SPF pass and are likely whitelisted.

Greylisting will stop the vast majority of them.

No zombies currently get through because they forge MAIL FROM and
only SPF pass gets whitelisted. My concern is for future "improvements"
to zombie code - which could easily include a state machine to emulate
a mail retry queue as well as using a local SPF authorized MAIL FROM.
I'm sure spammers aren't just sitting on their laurels.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.