On 3 Sep 2004 at 10:42, Kelson wrote:Check out www.surbl.org. They're actually quite effective at catching spam based on domain names - in this case of the websites being spamvertized - despite the turnover potential.
Correct, but SPF alone can't do anything about domains like this.
If you use some other check (like SURBL), then you don't need SPF at all, because all the current SPAM tests know how to hunt out forgeries.
*sigh* Forest, meet trees.
My point was not to compare SURBL to SPF, but to use SURBL as an example of how quickly anti-spam solutions can react to spammers setting up throwaway domains. If SPF (or something similar) can tell you that the message definitely came from XYZ, and you have a list of spammers' domains that includes XYZ, bang, you know it's spam and you can kick it out before they finish sending the headers. You know, doing with domain names what we've been doing with IP addresses for years.
As for current spam tests being able to detect forgeries, the only ones I know of focus on a few big names. Do you know of any "current spam test" that can detect forged mail claiming to be from speed.net?
-- Kelson Vibber SpeedGate Communications <www.speed.net>
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
