On Sun, Jan 28, 2007 at 02:54:50PM -0500, Daniel Sterling wrote:
>
> Basically, right now, we have IP-based RBLs. If all SMTP traffic were
> authenticated via SPF/DomainKeys, etc, we could instead have
> domain-based blacklists, which would raise the barrier to entry to
> sending email. Spammers would adapt by buying many domains and using
> distributed botnets to mass-sign messages, but this would be easier to
> defend against.
Personally, I think SPF looks fairly broken. It tries listing every allowed sending host for a domain in one record, and has all sorts of cruft to try to account for possibilities of legitimate mail being sent from other hosts. CSV has a nicer approach, IMO. Look up the HELO, get a list of SRV records for hosts that can use that HELO. Then you can BL on the HELO.

I haven't looked into DKIM (the successor to DomainKeys) enough to have much opinion. Except that I'm not sure the absence of a particular DKIM signature can be enough to tell you the message is illegitimate any more than I think SPF can tell you every possible server that can send legitimate mail from a domain...

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
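To make the two points in the message above concrete (one TXT record enumerating a domain's senders, and a non-pass result not being proof that a message is forged), here is an added example, not part of the list thread and not anyone's production code: a minimal SPF evaluator that runs against a constructed DNS table instead of doing real lookups. The domain names, addresses and records are all made up; only the `ip4`, `ip6`, `include` and `all` mechanisms are modelled, and the 10-lookup limit mirrors RFC 7208. The CSV/HELO approach the message prefers is not modelled here.

```python
"""Minimal SPF evaluator over a constructed DNS table (no network access).

Added illustration only: the zone data is constructed, and the evaluator
supports just ip4, ip6, include and all, which is enough to show how a
single TXT record enumerates a domain's permitted senders and what the
~all / ?all suffixes mean to a receiver.
"""
import ipaddress

# Constructed zone data; none of these names, addresses or records are real.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.relay.example -all",
    "_spf.relay.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "lenient.example": "v=spf1 ip4:203.0.113.5 ~all",
    "nopolicy.example": "",  # domain publishes no SPF record at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 caps DNS-querying mechanisms such as include at 10


def check_host(ip, domain, lookups=None):
    """Return the SPF result for `ip` claiming to send mail for `domain`."""
    if lookups is None:
        lookups = [0]  # shared counter across nested include: evaluations
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"  # no policy published: nothing can be concluded
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"  # runaway include chains are rejected
            inner = check_host(ip, value, lookups)
            if inner == "permerror":
                return "permerror"
            # include matches only when the referenced policy yields "pass";
            # its own ~all / -all never become the caller's result.
            matched = inner == "pass"
        elif name == "all":
            matched = True
        else:
            return "permerror"  # mechanism not modelled in this toy
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched: RFC 7208 default result


def receiver_action(result):
    """Map an SPF result to a receiver decision.

    Only an explicit "fail" justifies rejection on SPF alone; softfail,
    neutral and none say nothing about legitimacy and should just feed a
    score alongside other signals (DKIM, reputation, content).
    """
    if result == "fail":
        return "reject"
    if result == "pass":
        return "accept"
    return "accept-and-score"


if __name__ == "__main__":
    # Sample evaluations against the constructed zone data above.
    for ip, domain in [("192.0.2.77", "example.com"),
                       ("2001:db8::1", "example.com"),
                       ("203.0.113.5", "example.com"),
                       ("192.0.2.1", "lenient.example"),
                       ("192.0.2.1", "nopolicy.example")]:
        result = check_host(ip, domain)
        print(f"{ip:>16} for {domain:<20} -> {result:<9} {receiver_action(result)}")
```

Note that `203.0.113.5` sending for `example.com` ends as `fail` even though the included relay policy says `~all`: an include only contributes a match when it yields `pass`, so the relay's softfail does not soften the outer `-all`. Conversely `lenient.example` can only ever produce `pass` or `softfail`, so its record can never tell a receiver that a message is illegitimate, which is the caveat the message raises.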
