[EMAIL PROTECTED] wrote:
RW <[EMAIL PROTECTED]> escribió:On Thu, 16 Oct 2008 08:54:55 -0700 (PDT) Luke Dean <[EMAIL PROTECTED]> wrote:On Thu, 16 Oct 2008, Matthew Seaman wrote: > Until the wonderful day that the entire internet abides by these > rules[*], use > of technologies like SPF and DKIM can discourage but not entirely > prevent the spammers from joe-jobbing you. I just started getting these bouncebacks en masse this week. My mail provider publishes SPF records.SPF increases the probability of spam being rejected at the smtp level at MX servers, so my expectation would be that it would exacerbate backscatter not improve it. Many people recommend SPF for backscatter, but I've yet to hear a cogent argument for why it helps beyond the very optimistic hope that spammers will check that their spam is spf compliant.I feel the same way and thanks for adding some humor to the situation.
Most spammers aren't aiming to generate back-scatter as their primary means of disseminating their spam, so they'll do what they can to getthe best chance of a successful delivery. That means sending SPF compliant e-mails where possible. It's actually quite simple for them to filter out SPF protected addresses from their target lists, so they do tend to do that, and it's typically the same list of target addresses they use for forged senders too. It's telling that both having a correct SPF record and having no SPF record at all have a zero score in SpamAssassin (ie. neutral) whereas non-compliance scores lots of spam points.
Also see my point earlier about rejecting messages during the SMTP dialogue. SPF is easy to check early and lets you reject messages before acknowledging receiving them, which means a lot fewer bounce messages to (probably forged) sender addresses.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
signature.asc
Description: OpenPGP digital signature
