So an SPF fail is significant and should score so high in and of itself that it is essentially a realtime blacklisting without creating a realtime blacklist. As to DOS, what more will spammers do anyway that they don't already do? You can easily make an SPF failed email just die without them even know it!
On Sep 10, 2004, at 8:12 PM, Kelson wrote:
John Hardin wrote:A thought: now that spammers are using SPF to "legitimize" their email,
could *we* use it as a means to shut them down sooner?
I.E.: get an email that passes SPF, and scores high. Look at the
relevant SPF record and blacklist/high-score all of the hosts it states
are valid sources for that sender domain.
Bad, *bad* idea. You're inviting DOSes. Given that the spammer has control of his own SPF record, he can list anything he wants there -- say, 3 of his own servers followed by *Yahoo's* mail servers. Bang, he's tricked you into blacklisting Yahoo.
-- Kelson Vibber SpeedGate Communications <www.speed.net>
Kindest regards,
Ron
"What shall we do? What shall we do?" he cried, "Escaping goblins to be caught by wolves!" - Bilbo Baggins
The Hobbit by J. R. R. Tolkein http://www.apple.com/trailers/newline/returnoftheking/trailer_large.html
