Meng Weng Wong wrote:
Without diving too deep into this can of worms I'd like to point out that rejecting mail due to SPF fails is a whole different ball-game-of-wax than accepting mail due to an SPF pass -- the limitations related to forwarding are well known, but orthogonal to whitelisting, which is what this thread was originally about... A domain whitelist (reputation) is useful whether the (authentication/authorization) mechanism is SPF or DKIM or PTR.



But SPF pass means nothing because if you set any kind of real restrictions on the domain then it breaks forwarding.

What I'm proposing here requires that the domain do nothing at all except to not send spam. It's verified RDNS for lack of a better term. It is intrinsic to the existing system. All you have to do is check the RDNS, look up the name returned to see if it points back to the same IP and then do a lookup of the host name to see if the name is on a whitelist. The ham domain has to do nothing at all. This is dirt simple and it works. Isn't it time we give up on SPF and go with something that works?

As most people here know I try a lot of things. But if I try something and it doesn't work then I give it up and go try something else. Spammers can set up SPF just as easily. The only way SPF can be relied on is if you restrict it to where it breaks forwarding. RDNS is 100% accurate if you verify it. It requires nothing be done and the only thing you need to do is monitor hosts and add hosts that maintain a spam free reputation.

Granted my list of 1500 domains isn't perfect or complete. That's because I'm just one small company. That's why I'm throwing the idea out there so that sharp people, like yourself quite frankly, can start with the concept and do it right. And since this is a whitelist if some spam sneaks through every now and then because a big bank gets a virus - so what. White lists don't have to be as accurate as black lists because you don't lose anything if you're wrong.

And to throw in a new concept - this could also be used for what I call "yellow listing" which are domains like yahoo, hotmail, gmail, aol, etc that are mixed source senders but you never want to blacklist. This protects them from false positives.

So Meng - come on. Give it up on SPF and do this instead because it's easier and it actually works.
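
The verified RDNS check described in the message above, sketched as an added example that is not part of the original post or any project's code. The whitelist is a local set rather than a DNS-served list, and the DNS tables, host names and addresses are constructed stand-ins so the check runs offline; all of these are assumptions.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse lookup: host names the connecting IP's PTR record claims."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_addrs(name):
    """Forward lookup: every address the claimed name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def whitelisted_domain(hostname, whitelist):
    """Return the whitelist entry the host equals or sits under, else None."""
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):          # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in whitelist:
            return candidate
    return None

def verified_rdns(ip, whitelist, ptr=system_ptr, addrs=system_addrs):
    """Return (verdict, hostname): whitelisted, verified or unverified."""
    target = ipaddress.ip_address(ip)
    confirmed = None
    for name in ptr(ip):
        forward = {ipaddress.ip_address(a) for a in addrs(name)}
        if target not in forward:
            continue      # PTR owner claims a name that does not point back
        if whitelisted_domain(name, whitelist):
            return ("whitelisted", name)
        confirmed = confirmed or name
    return ("verified", confirmed) if confirmed else ("unverified", None)

# Constructed sample data: the second IP's PTR claims the bank's host name,
# but the bank's forward zone does not list that IP.
WHITELIST = {"example-bank.test"}
FAKE_PTR = {"192.0.2.10": ["mail.example-bank.test"],
            "198.51.100.7": ["mail.example-bank.test"],
            "203.0.113.5": ["host5.isp.test"]}
FAKE_A = {"mail.example-bank.test": {"192.0.2.10"},
          "host5.isp.test": {"203.0.113.5"}}

def fake_ptr(ip):
    return FAKE_PTR.get(ip, [])

def fake_addrs(name):
    return FAKE_A.get(name, set())
```

Only the forward-confirmed name is ever compared against the whitelist, so a sender who controls their own PTR zone gains nothing by pointing it at a whitelisted name.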

