Date: Thu, 16 Oct 2008 18:17:23 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: eculp@casasponti.net Cc: freebsd-questions@freebsd.org Subject: Re: I've just found a new and interesting spam source - legitimate bounce messages Message-ID: <48F77723.9090003@infracaninophile.co.uk> In-Reply-To: <20081016115844.17qwm4xcs6jkg84oc@intranet.casasponti.net> References: <20081016090102.17qwm4xcs6f4so8ok@intranet.casasponti.net> <20081016145255.GA12638@icarus.home.lan> <48F75A88.1000507@infracaninophile.co.uk> <alpine.BSF.2.00.0810160846040.473@border.lukas.is-a-geek.org> <20081016173807.64d0f24e@gumby.homeunix.com.> <20081016115844.17qwm4xcs6jkg84oc@intranet.casasponti.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig836C53A80A47A3BC8F209E27
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
eculp@casasponti.net wrote:
> RW <fbsd06@mlists.homeunix.com> escribi=F3:
>=20
>> On Thu, 16 Oct 2008 08:54:55 -0700 (PDT)
>> Luke Dean <LukeD@pobox.com> wrote:
>>
>>>
>>>
>>> On Thu, 16 Oct 2008, Matthew Seaman wrote:
>>>
>>> > Until the wonderful day that the entire internet abides by these
>>> > rules[*], use
>>> > of technologies like SPF and DKIM can discourage but not entirely
>>> > prevent the spammers from joe-jobbing you.
>>>
>>> I just started getting these bouncebacks en masse this week.
>>> My mail provider publishes SPF records.
>>
>> SPF increases the probability of spam being rejected at the smtp
>> level at MX servers, so my expectation would be that it would exacerba=
te
>> backscatter not improve it.
>>
>> Many people recommend SPF for backscatter, but I've yet to hear a coge=
nt
>> argument for why it helps beyond the very optimistic hope that spammer=
s
>> will check that their spam is spf compliant.
>=20
> I feel the same way and thanks for adding some humor to the situation.
Most spammers aren't aiming to generate back-scatter as their primary
means of disseminating their spam, so they'll do what they can to get
the best chance of a successful delivery. That means sending SPF=20
compliant e-mails where possible. It's actually quite simple for them=20
to filter out SPF protected addresses from their target lists, so they=20
do tend to do that, and it's typically the same list of target addresses =
they use for forged senders too. It's telling that both having a correct=
SPF record and having no SPF record at all have a zero score in SpamAss=
assin (ie. neutral) whereas non-compliance scores=20
lots of spam points.
Also see my point earlier about rejecting messages during the SMTP=20
dialogue. SPF is easy to check early and lets you reject messages
before acknowledging receiving them, which means a lot fewer bounce=20
messages to (probably forged) sender addresses.
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
--------------enig836C53A80A47A3BC8F209E27
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEAREIAAYFAkj3dysACgkQ8Mjk52CukIy6ZACfad4qwqqZvKL5zaPwHSLZ90jN
9g4AoI3SwLK79H5nZf8lHHvNsTwhzuxi
=ifkS
-----END PGP SIGNATURE-----
--------------enig836C53A80A47A3BC8F209E27--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48F77723.9090003>