Phil Barnett wrote:
On Tuesday 12 December 2006 07:28, JamesDR wrote:
There is nothing in SPF to keep a spammer with a botnet from putting
0.0.0.0/0 as their approved domain limit.
Sounds like a good spam sign to me. Let the spammers put 0.0.0.0/0 in
their SPF records, I'll pop in 3 points for good measure.

But, you are making some assumptions at this point and that is the crux of why SPF can't work very well.

Say you give points for that one. So, where do you draw the line? Do you give points for (for example) 123.0.0.0/8? What if that is someone's legitimate domain space?

Bot masters can easily set up SPF addresses that will encompass giant subnets of bots. You'll never know where to draw the line.


Even better. If they give me a giant subnet of SPF records, I know exactly what IPs I don't want connecting to my mail server. If a spammer sends a spam from a subnet and it passes SPF, I will go, and have gone, to look at their record and block what they say is 'allowed' to send me spam. In a way, they've done me a huge favor by letting me block their entire botnet at the router. Quite effective at stopping spam indeed. This does have a huge issue with collateral damage; however, what I would also do is contact the ISP and point them to the SPF record: "see, your network is owned by a spammer." It also makes it very handy for RBL lists to know where future spam will come from.

I welcome spammers creating SPF records. Makes my job quite easy in stopping the bot army.

--
Thanks,
James
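
Added example, not part of either poster's message: a Python sketch that measures how much IPv4 space an SPF record authorises with a pass result, so broad records such as the 0.0.0.0/0 and 123.0.0.0/8 cases discussed above can be reviewed before any scoring or blocking. The /16 cut-off and the sample records are assumptions made up for illustration; `include`, `a` and `mx` are not resolved, so the block runs offline.

```python
import ipaddress

# Assumed policy threshold (not from the thread): any pass-qualified ip4
# network wider than this prefix length is reported as "broad".
BROAD_PREFIX = 16

def analyze_spf(record, broad_prefix=BROAD_PREFIX):
    """Summarise the IPv4 space an SPF record authorises with a pass result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    nets, pass_all = [], False
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if qualifier != "+":
            continue  # only '+' (the default qualifier) yields an SPF pass
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            pass_all = True  # every sender passes, same effect as 0.0.0.0/0
        elif name == "ip4" and value:
            # A bare address without /len is treated as a single host (/32).
            nets.append(ipaddress.ip_network(value, strict=False))
    # Collapse overlapping ranges so shared space is not counted twice.
    merged = list(ipaddress.collapse_addresses(nets))
    total = sum(n.num_addresses for n in merged)
    return {
        "pass_all": pass_all,
        "broad": [str(n) for n in nets if n.prefixlen < broad_prefix],
        "addresses": total,
        "share_of_ipv4": total / 2**32,
    }

# Constructed sample records, not taken from any real domain.
SAMPLES = [
    "v=spf1 ip4:0.0.0.0/0 -all",
    "v=spf1 ip4:123.0.0.0/8 ip4:123.45.0.0/16 ~all",
    "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 -all",
    "v=spf1 +all",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", analyze_spf(rec))
```

The /8 sample is reported as broad even though, as the quoted objection notes, it could be someone's legitimate address space, so the output is a prompt for review rather than a verdict.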
