On Monday 27 August 2007 14:59, Jason Bertoch wrote:
> I think it's safe to say I'm not in the minority when I receive
> SPF-Compliant spam. I'm looking for opinions on what we can honestly
> derive from such messages regarding the sending server's IP and the sending
> address' domain name. Is it wise to blacklist both, or is this yet another
> case where SPF has failed to meet projections?

It is a fundamental property of electronic mail that new identities can be created almost infinitely often and no authentication scheme can do anything about that. The fact that the sender identity is not forged says nothing unless you trust that sender.

For spammers to be able to send SPF-authenticated spam using botnets, they usually have to authorize ridiculously large address blocks, for example with "+all" or "+a:0.0.0.0/2 +a:64.0.0.0/2 +a:128.0.0.0/2 +a:192.0.0.0/2", so it's possible to check for that.

Another approach is to add a few points for newly-registered domains, so called "day-old bread".

-- 
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)

"Exim is better at being younger, whereas sendmail is better for Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
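An added example, not part of the message above: one way a filter could check a sender's SPF record for the oversized authorizations the reply describes, by measuring how much of the IPv4 space the record passes. The function names and the 1% threshold are assumptions; only literal networks are counted (`ip4:` terms, plus the `a:<address>/<len>` spelling quoted in the message), and terms that need DNS lookups are skipped.

```python
import ipaddress

ALL_IPV4 = 2 ** 32

def _size(nets):
    # Address count of the union of possibly overlapping networks.
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

def spf_ipv4_coverage(record):
    """Fraction (0.0-1.0) of IPv4 space that gets 'pass' from one SPF record.

    Counts literal networks only: 'ip4:' terms, plus 'a:' terms whose target
    is an IPv4 literal (the spelling quoted in the message). Terms that need
    DNS (a:host, mx, include, exists, redirect) are skipped.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    claimed, passed = [], 0
    for term in terms[1:]:
        # SPF is first-match: the qualifier defaults to '+' (pass).
        qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        name, _, arg = body.partition(":")
        name = name.lower()
        if name == "all":
            if qualifier == "+":
                passed += ALL_IPV4 - _size(claimed)
            break  # nothing after 'all' is ever evaluated
        if name not in ("ip4", "a") or not arg:
            continue
        try:
            net = ipaddress.IPv4Network(arg, strict=False)
        except ValueError:
            continue  # hostname target, needs DNS
        before = _size(claimed)
        claimed.append(net)
        if qualifier == "+":
            # Only addresses not matched by an earlier term are new passes.
            passed += _size(claimed) - before
    return passed / ALL_IPV4

def is_overbroad(record, threshold=0.01):
    # threshold is a hypothetical cut-off: 1% of IPv4 is about 43 million hosts.
    return spf_ipv4_coverage(record) >= threshold

if __name__ == "__main__":
    # Constructed sample records; the second repeats the blocks from the message.
    for rec in ("v=spf1 +all",
                "v=spf1 +a:0.0.0.0/2 +a:64.0.0.0/2 +a:128.0.0.0/2 +a:192.0.0.0/2",
                "v=spf1 ip4:192.0.2.0/24 -all"):
        print(f"{spf_ipv4_coverage(rec):8.6f}  overbroad={is_overbroad(rec)}  {rec}")
```

Because SPF evaluation stops at the first matching term, a record such as `-ip4:10.0.0.0/8 +all` is scored with the earlier block subtracted rather than as the full address space.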