spf-discuss
[Top] [All Lists]

RE: [spf-discuss] SPF enables fully automatic spam filter

2005-10-19 06:04:56
On Tue, 18 Oct 2005, Herb Martin wrote:

The obvious weak point of this system is zombies.  Should any 
of the whitelisted senders contract a zombie, it would be 
possible for the zombie to crank out spam - and poison the 
Dspam dictionary in the process.  So far, this is not a 
problem in practice because most zombies forge the sender 
(and hence don't pass SPF).  I'm not sure what the next step 
is when zombie writers start using senders filched from the 
local machine that get SPF pass and are likely whitelisted.

Greylisting will stop the vast majority of them.

No zombies currently get through because they forge MAIL FROM and
only SPF pass gets whitelisted.  My concern is for future "improvements"
to zombie code - which could easily include a state machine to emulate
a mail retry queue as well as using a local SPF authorized MAIL FROM.
I'm sure spammers aren't just sitting on their laurels.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com