On Tue, 9 Feb 2010, dar...@chaosreigns.com wrote:
My home dynamic cablemodem address passes full-circle DNS. But not this. So this is far more useful for checking if an IP is a legitimate sending mail server.
So rather than mimicking SPF, you want to mimic the effect of various IP-based blacklists to which an ISP can report all of its 'unauthorized' IPs (typically dynamic IP blocks)?
The obvious drawback is the same for your system as the already existing dynamic-IP blacklists, which is that it only works when domains take the time and trouble to register either their 'authorized' (in your case) or 'unauthorized' (for the blacklist) ranges of IPs. Large companies which frequently reorganize their IP blocks will shy away from such a system, and smaller companies will lack the time/resources to implement anything that isn't 'out of the box'.
Encapsulating or rewriting the envelope 'From' address seems significantly less likely to be adopted from what I've read.
Unlikely in many cases, but I would quibble over 'less'. Overall, most corporate minds seem to think that they prefer false negatives to false positives, so they are extremely reluctant to adopt any strategy that increases the chance of a false positive, even under such strange conditions as a hack.... Indeed, given that there are no issues of false positives from rewriting the envelope sender, one could argue that it is the change *most* likely to be adopted, and therefore it has significance that it is not being adopted by everyone....
I am not very concerned about the throw-away domains because I'll reject all mail from domains not at least 10 days old.
Another feature already covered by a blacklist, and, already being bypassed by numerous spammers who are smart enough to buy a domain name months before they use it. (shrug)
I believe the benefit of not breaking forwarding is sufficient to make it much more useful than SPF for spam filtering. I've come across enough people, personally, recently, in trying to block (some = positive SA score) emails without an SPF "pass", who are not willing to ever implement SPF due to breaking forwarding that I believe this would be useful.
But *why* do they refuse to 'fix' their forwarding? I strongly suspect that the same reasoning would apply to their decision to not implement SPF or your IP-based filter idea.
- C