On Wed, 19 Oct 2005, Dennis Willson wrote:
I've started receiving email from zombies that had forged "Header FROM:"
addresses (which is what the users see) and some had used an "envelope MAIL
FROM:" for a domain that was globally SPF PASS. I have also received some
where the "envelope MAIL FROM:" was just a domain with no SPF record.
The no SPF domains don't help them. They have to have a an SPF pass
to be whitelisted (guessed passes accepted).
If they use an SPF pass domain, that is not a domain
users will be sending mail to. (Barring terminal stupidity -
which has to be dealt with manually - by blacklisting the domain. They do pay
us monthly support.)
Manually blacklisting the occasional domain a stupid user replies to
is much easier than trying to keep up with throwaway domains.
means the zombies are beginning to render SPF less useful. Greylisting solved
most of these as the zombies don't queue and resend (yet).
SPF doesn't block zombies or spammers - they can get a pass too for some
throwaway domain if they want. It lets me reliably whitelist legitimate
correspondents. SPF was never intended to directly block spam. It is intended
to block forged senders.
Greylisting needed here. Current crop of zombies can't get an SPF pass for
domains our users actively correspond with.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com