SPF does help, and we've used it for about three years here, but only when the domain being forged has an SPF policy. So, it's most useful when the recipient domain is being forged as the sender as well.
We've seen some joe job attacks with bounces around 25k to a single address. We filtered about 85% of those, but that still meant the customer received a bit under 4k. We've since tweaked our NULL sender filter to catch more, but at the risk of catching some read receipts, automated replies, etc. With volumes this high, even 99% filtering results in a huge hit (250 bounces) from the customer's perspective. We're working to get to the 99.9% level consistent with the rest of our filtering.

Darin.

----- Original Message -----
From: E. H. (Eric) Fletcher
To: Message Sniffer Community
Sent: Saturday, June 28, 2008 11:56 PM
Subject: [sniffer] Re: Backscatter Spam

Matt:

We also found SPF records did the trick on the high volume returns to several domains, especially from some of the appliances.

Eric

----- Original Message -----
From: Mxuptime.com
To: Message Sniffer Community
Sent: Saturday, June 28, 2008 8:50 PM
Subject: [sniffer] Re: Backscatter Spam

Interesting idea, but the BATV appears to be something that you would need to run on the MTA level (i.e. the MailServer would need to support the functionality) because it rewrites the return address on outgoing emails.

On a side note, I have noticed a significant drop in backscatter when SPF is implemented for the particular domain. Most of the backscatter appears to come from valid antispam appliances like the Barracuda boxes, which would normally use SPF. These devices perform the SPF test during the SMTP connection and reject it immediately as opposed to bouncing the message back. So the SPF does help.

-Matt

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Matthew J. Grim
Sent: Sunday, June 29, 2008 1:25 AM
To: Message Sniffer Community
Subject: [sniffer] Re: Backscatter Spam

As an aside, MDaemon has an excellent backscatter prevention system. They appear to be using BATV, an internet draft at the moment.

Matt in Tampa
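
The return-address rewriting and null-sender check discussed in this thread, as an added example that is not from any poster or from MDaemon. It follows the prvs tag layout of the BATV Internet-Draft (key digit, three-digit expiry day, six hex digits of an HMAC-SHA1); the secret, the addresses, the day numbers and the function names are constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: per-domain secret held by the MTA
KEY_ID = 0                           # single key digit, allows key rotation
LIFETIME_DAYS = 7                    # how long a tagged address stays valid

def _mac(key_id, ddd, addr):
    # First three bytes of HMAC-SHA1 over key digit, expiry day and original address
    msg = f"{key_id}{ddd:03d}{addr}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).digest()[:3].hex()

def sign(addr, today):
    """Rewrite the envelope sender of an outgoing message (today = days since epoch)."""
    ddd = (today + LIFETIME_DAYS) % 1000
    local, domain = addr.rsplit("@", 1)
    return f"prvs={KEY_ID}{ddd:03d}{_mac(KEY_ID, ddd, addr)}={local}@{domain}"

def verify(rcpt, today):
    """Return the original address if rcpt carries a valid, unexpired tag, else None."""
    local, _, domain = rcpt.rpartition("@")
    if not local.lower().startswith("prvs="):
        return None
    tag, sep, orig_local = local[5:].partition("=")
    if not sep or len(tag) != 10 or not tag.isascii() or not tag[:4].isdigit():
        return None
    key_id, ddd, mac = int(tag[0]), int(tag[1:4]), tag[4:].lower()
    addr = f"{orig_local}@{domain}"
    if not hmac.compare_digest(mac, _mac(key_id, ddd, addr)):
        return None
    # Days left until expiry, modulo 1000; an expired tag wraps to a large value
    if (ddd - today) % 1000 > LIFETIME_DAYS:
        return None
    return addr

def accept_bounce(mail_from, rcpt, today):
    """Null-sender policy: a bounce is accepted only for a validly tagged recipient."""
    if mail_from != "":          # "" stands for the SMTP null sender <>
        return True              # not a bounce, other filters decide
    return verify(rcpt, today) is not None
```

Read receipts and auto-replies sent with a null sender to the untagged address are rejected by this policy too, which is the same trade-off the thread notes for NULL sender filtering.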