Ilya Konstantinov wrote:

Elazar Leibovich wrote:

Thanks! That's about the tool I've needed.
But do you have experience with it? Does it have many (any) false
positives? Will it reject many valid clients?

SPF is not about guesswork and "false positives". For one, it requires the active participation of every domain you wish to be safe about. Since that's probably less than 1% of the domains in today's Internet, you cannot just refuse mail from domains which don't participate in the SPF game. The only thing sensible to do right now is to refuse messages which fail the SPF test for the domain they *claim* to come from; everything else should be considered neutral.

The result? You'd still be left with as many scams coming from random info domains, but when it comes to some high-profile domains which already deployed SPF (microsoft.com, ebay.com, gmail.com, hotmail.com...), you'd filter out all scams pretending to be them.

Note that SPF is not something reserved for high-profile domains. Every Nigerian scam domain can deploy SPF and then it'll be verifiable fair and square. So, no easy way of killing off all those Nigerian scams? You betcha there isn't.

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]



I am not sure SPF will solve this problem.
However -
There is a simpler approach (at least in concept) - that is to drop (and not bounce) every mail that arrives with a RCPTTO user that doesn't exist in your mail domain(s). All scams of this kind are generating random usernames like [EMAIL PROTECTED]
FWIW - there is a patch for qmail that does precisely this.

Danny
www.software.co.il



