James Davis wrote:
JamesDR wrote:
Even better. If they give me a giant subnet of SPF records, I know
exactly what IP's I don't want connecting to my mail server. If a
spammer sends a spam from a subnet, passes SPF. I will and have gone,
looked at their record and blocked what they say is 'allowed' to send me
spam.
So if a spammer sets 0.0.0.0/0 as the subnet allowed to send mail from
their domain, you'd be happy to block that subnet from sending you mail?
James
You miss understood some parts...
I'll happily block a large subnet if it is a valid subnet and not some
odd number like 0.0.0.0/0 for which I'd add 3 points.
The point I was tying to make (which you sniped out) is that when
spammers say where they are sending spam from it actually helps to block
them. I'm not saying everyone should do this because maybe you need to
accept the mail from forged addresses, I don't know. I'm making the
point that -- if a spammer says "hey, these bots are allowed to send
spam for my domain" then you know right away who to block. Even if it is
a temporary block. That being said -- I've already done this with a
personal RBL. I've found this to be quite effective to block a large
amount of spam from a spammer outside the US that operates their own
domains (has a huge block of IP's.) That made the mistake of publishing
their SPF records for their entire net block. Before doing this, the
mails would just change servers, and when the domain was blocked, change
domains. Blocking their entire subnet blocked all spam from them. The
only way this could have been done is with SPF (the other domains also
show different invalid whois info as well.)
Like I said previously, I welcome spammers publishing SPF records.
--
Thanks,
James