On 7 Sep 2004 at 9:21, Kelson wrote: > My point was not to compare SURBL to SPF, but to use SURBL as an > example of how quickly anti-spam solutions can react to spammers > setting up throwaway domains.
They aren't quick enough. "Throwaway domain" now means "lifetime of several hours". That's too quick for anything really accurate to keep up with. > If SPF (or something similar) can > tell you that the message definitely came from XYZ, and you have a > list of spammers' domains that includes XYZ, bang, you know it's > spam and you can kick it out before they finish sending the headers. Again, knowing that "bad-domain.com" is bad really doesn't help you if there is *never* another message from that domain. You never get to check against SPF records. > You know, doing with domain names what we've been doing with IP > addresses for years. One of the reasons that IP addresses work for these checks is that somebody other than the spammer controls them. Anybody can just register a new domain, but to get connectivity, you must have an IP address, and that's limited by the providers you can use. > As for current spam tests being able to detect forgeries, the only > ones I know of focus on a few big names. Do you know of any "current > spam test" that can detect forged mail claiming to be from > speed.net? SpamAssassin has tests for bad Message-IDs, Message-IDs added by a relay, "Received" headers that don't look kosher, MUA identifiers that aren't right, etc. They don't catch everything, but they often add enough score to push things into the "just discard it" category. -- Jeff Rife | SPAM bait: | http://www.nabs.net/Cartoons/Dilbert/LostPassword.gif [EMAIL PROTECTED] | [EMAIL PROTECTED] | _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
