Re: [spf-discuss] SPF, DKIM, and NIH
2009-10-16 05:32:38
--On 14 October 2009 15:08:15 -0700 David MacQuigg
<macquigg(_at_)ece(_dot_)arizona(_dot_)edu> wrote:
OK, I think I understand now what you mean by "sender". Sender
(individual author) addresses are worthless to identify bad senders.
See above.
That's simply not my experience. I've seen spear phishing attacks from
gmail accounts that are listed on blacklists. The blacklisting of sender
addresses does have value to me.
But, there's a bigger picture here. I'd like to rate-limit new senders that
haven't earned a good reputation. I can do that for individual gmail users,
but can't apply the same rate limit to all gmail users.
Therefore, I need a reputation system that allows me to key on sender
addresses. However, to do that, I need some sort of assurance that the
author address hasn't been spoofed.
Why rate limit? Well, for example, I see about 1% of users responding to
spear-phishing with passwords, and (amusingly, but annoyingly) about 1%
responding with abuse to the phisher, and about 1% reporting the abuse to
me. So, an effective phishing attack requires to hit a few hundred people
at a time. I'd be quite happy with freezing mail in my mail queue in these
circumstances, for new bulk senders from large ESPs, until I can approve it.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [spf-discuss] SPF, DKIM, and NIH, (continued)
- Re: [spf-discuss] SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Hector Santos
- Re: [spf-discuss] SPF, DKIM, and NIH, Hector Santos
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH,
Ian Eiloart <=
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Sanford Whiteman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
|
Previous by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart |
Next by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman |
Previous by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg |
Next by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|