Phil Barnett wrote:
On Monday 11 December 2006 16:50, JamesDR wrote:
Would you care to elaborate on why SPF doesn't work for sender
verification? Its pretty simple, doesn't get much more simple that what
SPF does... If SPF doesn't work, nothing will.
There is nothing in SPF to keep a spammer with a botnet from putting 0.0.0.0/0
as their approved domain limit.
Sounds like a good spam sign to me. Let the spammers put 0.0.0.0/0 in
their spf records, I'll pop in 3 points for good measure.
Again, I said SPF doesn't stop bots. You will _never_ stop the bots.
Why? Well over 99% of my spam comes from the far east. Are you going to
convince all of those ISP's to change their ways, when they are making
money off of their customers spamming you? I doubt you'll see much
action happening quickly there. Graylisting now is a good solution. SPF
helps with joe-jobs. RBL's block most of the crud upfront. All of the
tools to 'break up the bot army' are there. No one bothers to use them
all to stop the spam they get. So they throw up their hands and complain
and yell for protocol changes, or to use some other method. My favorite,
point the blame at someone else. I get 0 spam to the Inbox with nearly
1fp for every 1,000 mails passed through. We're small enough here to
afford that 1fp as I check the marked spams.
I block all mail that fails SPF upfront. This also stops quite a bit.
If you get spam from one of my domains not from my mail server, its your
own fault. Enjoy the spam, wasted bandwidth, and storing that mail for
legal purposes.
--
Thanks,
James