Date: Thu, 16 Oct 2008 12:39:11 -0500 From: eculp@casasponti.net To: freebsd-questions@freebsd.org Subject: Re: I've just found a new and interesting spam source - legitimate bounce messages Message-ID: <20081016123911.17qwm4xcs6kgwg8so@intranet.casasponti.net> In-Reply-To: <48F77723.9090003@infracaninophile.co.uk> References: <20081016090102.17qwm4xcs6f4so8ok@intranet.casasponti.net> <20081016145255.GA12638@icarus.home.lan> <48F75A88.1000507@infracaninophile.co.uk> <alpine.BSF.2.00.0810160846040.473@border.lukas.is-a-geek.org> <20081016173807.64d0f24e@gumby.homeunix.com.> <20081016115844.17qwm4xcs6jkg84oc@intranet.casasponti.net> <48F77723.9090003@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Seaman <m.seaman@infracaninophile.co.uk> escribi=F3: > eculp@casasponti.net wrote: >> RW <fbsd06@mlists.homeunix.com> escribi=F3: >> >>> On Thu, 16 Oct 2008 08:54:55 -0700 (PDT) >>> Luke Dean <LukeD@pobox.com> wrote: >>> >>>> >>>> >>>> On Thu, 16 Oct 2008, Matthew Seaman wrote: >>>> >>>>> Until the wonderful day that the entire internet abides by these >>>>> rules[*], use >>>>> of technologies like SPF and DKIM can discourage but not entirely >>>>> prevent the spammers from joe-jobbing you. >>>> >>>> I just started getting these bouncebacks en masse this week. >>>> My mail provider publishes SPF records. >>> >>> SPF increases the probability of spam being rejected at the smtp >>> level at MX servers, so my expectation would be that it would exacerbate >>> backscatter not improve it. >>> >>> Many people recommend SPF for backscatter, but I've yet to hear a cogent >>> argument for why it helps beyond the very optimistic hope that spammers >>> will check that their spam is spf compliant. >> >> I feel the same way and thanks for adding some humor to the situation. > > Most spammers aren't aiming to generate back-scatter as their primary > means of disseminating their spam, so they'll do what they can to get > the best chance of a successful delivery. That means sending SPF =20 > compliant e-mails where possible. It's actually quite simple for =20 > them to filter out SPF protected addresses from their target lists, =20 > so they do tend to do that, and it's typically the same list of =20 > target addresses they use for forged senders too. It's telling that =20 > both having a correct SPF record and having no SPF record at all =20 > have a zero score in SpamAssassin (ie. neutral) whereas =20 > non-compliance scores lots of spam points. > > Also see my point earlier about rejecting messages during the SMTP =20 > dialogue. SPF is easy to check early and lets you reject messages > before acknowledging receiving them, which means a lot fewer bounce =20 > messages to (probably forged) sender addresses. Thanks, Matthew. That I've not done due to the possibility of rejecting legit email. =20 I'm going to revisit that decision. ed > > =09Cheers, > > =09Matthew > > --=20 > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard > Flat 3 > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate > Kent, CT11 9PW > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081016123911.17qwm4xcs6kgwg8so>