spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Blacklisting Bad SPF Records

2007-03-05 14:21:33
Stuart D. Gathman wrote:
On Sun, 4 Mar 2007, Graham Beneke wrote:

The piece that SPF brings to the equation is a way to assign "blame" for
the spam to domains rather than IPs.

Was just thinking about these implications today...
In IP blacklisting there are often 3rd parties that get "caught in the
crossfire" so to speak - particularly on shared hosting servers which
are quite prevelant. Whereas when an SPF domain gets abused (either due
to throw-away domains or a weak policy) the blame is directly assignable
and will not affect users outside of the administrative umbrella of that
domain.

Come to think of it a public domain based reputation list (both black
and white) may actually be very effective. When a domain gets listed for
abuse and the admin comes back and says "but we never sent that mail" as
is so common with spoofed mail - we have the protection that we can say
"you have explicitly taken responsibility for mail from those IP
addresses and you must either fix your servers or exclude the machines
from your SPF record"

Are there any public domain based reputation lists? Or would anyone be
interesting in working on setting one up?

Graham Beneke

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735