RE: [spf-discuss] SPF enables fully automatic spam filter

On Wed, 2005-10-19 at 09:04 -0400, Stuart D. Gathman wrote:
<SNIP>
> No zombies currently get through because they forge MAIL FROM and
> only SPF pass gets whitelisted.  My concern is for future "improvements"
> to zombie code - which could easily include a state machine to emulate
> a mail retry queue as well as using a local SPF authorized MAIL FROM.
> I'm sure spammers aren't just sitting on their laurels.
Of course they will do those things, even funnier, the following quote:

8<------------------------
One spammer says: "There's no problem at all to create and control a
100K botnet in a few days.  But there's no reason to do that: existing
few bots, even just a portscan of an adsl range, and their
smarthosts provides *much* more realible and faster spam service"
"..currently, a 100M mailing takes about 3 hours, with high
deliverability.  Botnets are slower and delivery rate is lower."
---------------------->8

And guess what, most likely those smart hosts have their SPF records set
correctly. Only thing one could do is allow a maximum number of
messages/$timeunit to be relayed. Oh and smart hosts already retry, so
why bother.

In these cases, SPF unfortunatly doesn't really help. What it does do is
at least state that the email is allowed to come from those boxes. That
it is spam is something completely out of scope.

Greets,
 Jeroen

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

signature.asc
Description: This is a digitally signed message part