On 02/09, dar...@chaosreigns.com wrote:
> Anything else is undefined (0 SA score) for future options.

This won't work. Everything lacking a 127.0.0.1 record needs to be a "fail", otherwise spammers can create undefined records to circumvent this.


On 02/09, Charles Gregory wrote:
> So rather than mimicking SPF, you want to mimic the effect of various
> IP-based blacklists to which an ISP can report all of its 'unauthorized'
> IP's (typically dynamic IP blocks)?

Basically, except of course that the default, when not participating, is effectively blacklisting (in the sense in which SA uses blacklists to increase the spamminess score of an email).

> The obvious drawback is the same for your system as the already existing
> dynamic-ip blacklists, which is that it only works when domains take the
> time and trouble to register either their 'authorized' (in your case) or
> 'unauthorized' (for the blacklist) ranges of IP's. Large companies which
> frequently reorganize their IP blocks will shy away from such a system,
> and smaller companies will lack the time/resources to implement anything
> that isn't 'out of the box'.

I disagree. I can implement it now (in fact I expect to, which is why I'd really like feedback on the A record format). So I block some more spam, and I get some extra false positives, and the senders get notified. And the senders can try to get the relevant MTX records created if they want. And maybe along the way these MTX records become a little more common, and I can increase the spam score of emails without MTX records and block some more spam without further increasing false positives. And maybe eventually, as a result of this iterative process, enough people create MTX records that I can reject all email without one.

Having looked over the scores of my non-spams, I'm comfortable with the additional false positives up to an additional score of 4.5, as long as the sender is notified and has some possibility of eliminating that additional score. Others might be more comfortable with an additional score of 1.
Still, you catch more spams, cause a few false positives, and the senders have the possibility of fixing the false positives.

> Unlikely in many cases, but I would quibble over 'less'. Overall, most
> corporate minds seem to think that they prefer false negatives to false
> positives, so they are extremely reluctant to adopt any strategy that
> increases the chance of a false positive, even under such strange

I think you missed something important. Creating the records I suggest can create no false positives. That point is critical to this idea. Either they participate, and get their sending IPs whitelisted, or they don't participate, and they don't get their IPs whitelisted and mail from those IPs is more likely to be flagged as spam.

Unless they send spam, in which case they'll get blacklisted. Which would be worse than not participating. So they should be really sure not to whitelist any IPs that send spam. And of course, just as in existing IP blacklists, it is worth taking someone off a blacklist if they have corrected their spam problem. Not flawless, but still way easier than maintaining an IP blacklist.

> Another feature already covered by a blacklist, and, already being
> bypassed by numerous spammers who are smart enough to buy a domain name
> months before they use it.

(shrug) Good to know. It still doesn't concern me. This would still eliminate spams from the vast majority of IPs for which spammers aren't delegated to host PTR records. And if all spam has a verified paper trail (delivering IP -> domain -> registrar who can be subpoenaed), I think the sending of spam itself will be a lot easier to stop.

> But *why* do they refuse to 'fix' their forwarding? I strongly suspect

I don't know.

> that the same reasoning would apply to their decision to not implement
> SPF or your IP-based filter idea.

Except that it causes me no problems if they don't implement my whitelisting.
On 02/09, Charles Gregory wrote:
> Those administrators will say that they do not have control over DNS,
> because that's done at a higher organizational level, or that they don't
> want to do something that is not 'standard' and will tell their users to
> find another way to communicate with you. Same BS that is used to dodge

I'm comfortable with that possibility. As I said, I expect benefit even without people participating.

-- 
"The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents."
http://www.ChaosReigns.com
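The scoring policy argued over in the thread (a record of exactly 127.0.0.1 for the delivering IP whitelists it; no record, or a record with any other value, is a fail that adds to the spam score) as an added, runnable illustration. This is not the poster's code, and it is not a SpamAssassin plugin. The record name layout `<reversed-ip>._mtx.<domain>`, the walk from the PTR hostname up to its parent labels, and the penalty values are all assumptions made for the example (the thread explicitly leaves the A record format open); the DNS answers are a constructed in-memory stand-in so it runs offline.

```python
"""Check-and-score logic for the MTX-record idea from the thread.

Added example, not the poster's code. Assumptions made here:
  * record name is <reversed-ip>._mtx.<domain> (hypothetical layout)
  * the domain is found by taking the delivering IP's PTR hostname and
    walking up its labels until a record is found (also hypothetical)
  * a fail adds a fixed penalty; a pass adds nothing
The resolver below is a constructed in-memory stand-in for DNS.
"""
import ipaddress
from typing import Dict, List, Optional

# Constructed sample data (not real hosts): IP -> PTR hostname.
FAKE_PTR: Dict[str, str] = {
    "192.0.2.10": "mx1.example.com",    # participating domain, IP listed -> pass
    "192.0.2.20": "mx2.example.com",    # participating domain, IP not listed -> fail
    "198.51.100.5": "out.example.net",  # record exists but carries an undefined value -> fail
}

# Constructed sample data: record name -> A record answers.
FAKE_A: Dict[str, List[str]] = {
    "10.2.0.192._mtx.example.com": ["127.0.0.1"],
    "5.100.51.198._mtx.example.net": ["127.0.0.2"],   # "undefined" value
}


def ptr_lookup(ip: str) -> Optional[str]:
    """Stand-in for a reverse lookup; returns None when no PTR exists."""
    return FAKE_PTR.get(ip)


def a_lookup(name: str) -> List[str]:
    """Stand-in for an A lookup; empty list means NXDOMAIN / no answer."""
    return FAKE_A.get(name, [])


def mtx_name(ip: str, domain: str) -> str:
    """Build the hypothetical record name for an IPv4 address under a domain."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "._mtx." + domain


def candidate_domains(hostname: str) -> List[str]:
    """mx1.example.com -> ['mx1.example.com', 'example.com'] (stops short of the TLD)."""
    labels = hostname.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def mtx_check(ip: str, ptr=ptr_lookup, resolve_a=a_lookup) -> str:
    """Return 'pass' only for an exact 127.0.0.1 answer; everything else is 'fail'.

    The key point from the thread: a record with any other value is NOT a
    neutral "undefined" result. If it were, a spammer who controls the PTR
    zone could publish some other value and sidestep the penalty.
    """
    host = ptr(ip)
    if host is None:
        return "fail"                      # no PTR at all: no paper trail to follow
    for domain in candidate_domains(host):
        answers = resolve_a(mtx_name(ip, domain))
        if answers:                        # first zone that publishes anything decides
            return "pass" if answers == ["127.0.0.1"] else "fail"
    return "fail"                          # no record anywhere up the chain


def mtx_score(ip: str, penalty: float = 4.5, **lookups) -> float:
    """Score contribution: 0 for a pass, `penalty` for a fail.

    4.5 and 1.0 are the two thresholds the poster mentions being comfortable
    with; the value is a site policy knob, not part of the scheme.
    """
    return 0.0 if mtx_check(ip, **lookups) == "pass" else penalty


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.5", "203.0.113.9"):
        print(ip, mtx_check(ip), mtx_score(ip))
```

The one behavioural choice worth calling out is in `mtx_check`: the first zone up the chain that publishes any answer settles the result, so a parent zone cannot be used to override a more specific record, and a non-127.0.0.1 answer is a fail rather than an abstain, which is the point dar...@chaosreigns.com makes at the top of the thread.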