On Sunday 04 March 2007 05:31, Graham Beneke wrote:
> I have read many comments by the nay-sayers of SPF about how it would be
> possible for spammers to use disposable domains and other such tricks to
> achieve their aims and use SPF to their benefit.
> Spam policies seem to bless SPF validated domains with lower spam scores
> but despite this I have not seen this kind of abuse once in all the
> months that I have been running SPF checks on my servers.

This was done initially when SPF was deployed, but people learned better
quickly.

> That said - something that I am noticing is spammers taking advantage of
> very open SPF policies of some domains. Some as bad as +all!
> Often the spammers are using completely random local parts on the
> mail-from addresses so no one at the offending domain is subjected to
> the backscatter produced. The domains involved are often being run by
> inexperienced admins - who would not be the type of people to pore over
> their server logs.
> So my question:
> How do we go about both educating the naive admins as well as
> encouraging them to make their records more focused and less prone to
> abuse?

Help us make the web site better. Anyone can contribute.

> Blacklisting based on the domain is the first thing that comes to mind -
> but I am not convinced that it is an ideal solution. Many of the current
> RBLs have continuous problems dictating their policies for 'where the
> line is drawn' and then trying to implement that without making both
> senders and receivers of mail rather annoyed.

In the end, this is where I think things head, but with a scored reputation
basis rather than a binary blacklisted or not.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
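The overly open policies discussed in this thread can be caught by auditing a published record before it is trusted or scored. The following is an added example, not part of the original message: `audit_spf`, the `min_ip4_prefix` threshold and the sample records are assumptions constructed for illustration, and only `all` and `ip4` terms are inspected.

```python
import ipaddress

def audit_spf(record, min_ip4_prefix=16):
    """Return findings for one SPF TXT record; an empty list means none."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    findings, has_all, has_redirect = [], False, False
    for term in terms[1:]:
        name = term.split(":", 1)[0].split("/", 1)[0]
        if "=" in name:  # modifier (redirect=, exp=), not a mechanism
            has_redirect |= name.lower().startswith("redirect=")
            continue
        # A mechanism with no qualifier defaults to "+" (Pass).
        qual, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        mech = mech.lower()
        if mech == "all":
            has_all = True
            if qual == "+":
                findings.append("+all: every host on the Internet passes")
            elif qual == "?":
                findings.append("?all: unlisted hosts get Neutral, not Fail")
        elif mech.startswith("ip4:") and qual == "+":
            try:
                net = ipaddress.ip_network(mech[4:], strict=False)
            except ValueError:
                findings.append(f"{mech}: malformed network")
                continue
            # Threshold is an assumed cut-off for "too broad", not a standard.
            if net.prefixlen < min_ip4_prefix:
                findings.append(f"{mech}: {net.num_addresses} addresses pass")
    if not has_all and not has_redirect:
        findings.append("no all/redirect: unlisted hosts get Neutral")
    return findings

# Constructed sample records (documentation domains and address ranges).
SAMPLES = {
    "open.example": "v=spf1 +all",
    "implicit.example": "v=spf1 mx all",
    "broad.example": "v=spf1 ip4:0.0.0.0/1 -all",
    "focused.example": "v=spf1 ip4:192.0.2.0/24 mx -all",
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(domain, audit_spf(txt) or "no findings")
```
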