On Fri, 2004-09-10 at 17:12, Kelson wrote:
> John Hardin wrote:
> > I.E.: get an email that passes SPF, and scores high. Look at the
> > relevant SPF record and blacklist/high-score all of the hosts it states
> > are valid sources for that sender domain.
>
> Bad, *bad* idea. You're inviting DOSes. Given that the spammer has
> control of his own SPF record, he can list anything he wants there --
> say, 3 of his own servers followed by *Yahoo's* mail servers. Bang,
> he's tricked you into blacklisting Yahoo.

...and manual vetting would be an unacceptable amount of work for small
gain.

Okay, idea withdrawn. I guess getting spammers to shoot themselves won't
be quite *that* easy... :)

--
John Hardin KA7OHZ <[EMAIL PROTECTED]>
Internal Systems Administrator voice: (425) 672-1304
Apropos Retail Management Systems, Inc. fax: (425) 672-0192
-----------------------------------------------------------------------
If you smash a computer to bits with a mallet, that appears to count
as encryption in the state of Nevada.
- CRYPTO-GRAM 12/2001
-----------------------------------------------------------------------
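
The objection raised in this thread, worked through as an added example (not code from either poster): it parses a sender-published SPF record and audits which networks an automatic "blacklist everything it lists" rule would have blocked. The record, the domain name bigmail.example, the PROTECTED_NETS table and all addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress

# Constructed SPF record for a hypothetical spam domain: one range of its
# own, then a range that really belongs to an unrelated mail provider.
SPAMMER_SPF = "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.0/24 -all"

# Constructed stand-in for networks that must never be blocked automatically.
PROTECTED_NETS = {"bigmail.example": ipaddress.ip_network("198.51.100.0/24")}


def spf_networks(record):
    """Return the ip4/ip6 networks an SPF record lists as permitted senders.

    Only literal ip4/ip6 mechanisms are handled; include/a/mx need DNS
    lookups and are just as much under the publisher's control.
    """
    nets = []
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        term = term.lstrip("+")              # "+" (pass) is the default qualifier
        if not term or term[0] in "-~?":     # fail/softfail/neutral: not permitted
            continue
        name, _, value = term.partition(":")
        if name.lower() in ("ip4", "ip6") and value:
            nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def collateral(blocklist, protected):
    """Map each protected owner to the proposed block entries overlapping it."""
    hits = {}
    for owner, net in protected.items():
        overlap = [b for b in blocklist
                   if b.version == net.version and b.overlaps(net)]
        if overlap:
            hits[owner] = overlap
    return hits


if __name__ == "__main__":
    proposed = spf_networks(SPAMMER_SPF)     # what the withdrawn rule would block
    print("proposed block entries:", [str(n) for n in proposed])
    for owner, nets in collateral(proposed, PROTECTED_NETS).items():
        print("would also block", owner, "via", [str(n) for n in nets])
```

The SPF record is written by the sender, so nothing in it proves that the publisher owns the addresses it lists.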