John D. Hardin wrote:
What if they include the subnet containing AOL's outbound MX hosts?
Waitaminit, bad example...
:-D
What if they include the subnet containing Apache's outbound MX hosts?
As I said before, score on the total number of the hosts matched by
the SPF record. Anything bigger than a class-C is suspicious. Anything
bigger than a class-B is *very* suspicious.
And if a big ISP SPFs their entire class-B, they are damned lazy.
Like everything else, you can't go at it blindly. A lot of the
suggestions here I'm sure weren't thought of on a whim. I can think of
an example where an ISP blocked outbound port 25 for all its users. Good
first step, but they didn't require auth and a spammer exploited this.
As the subject said -- a plan is needed. And I 100% agree with this
statement. What can be done now works for now. It won't always work for
the future (gray listing is one example that is very effective -- but
for how long....)
The bot army will always be. It is so effective at delivering spam that
it would be stupid to abandon it (from a spammer's view.)
--
Thanks,
James
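
The SPF-breadth scoring suggested in the quoted text, sketched as an added example that is not part of the original messages: it counts the distinct IPv4 addresses a record authorizes and applies the class-C and class-B thresholds from the thread. The function names and sample records are constructed for illustration, and only literal `ip4:` mechanisms are counted (`include:`, `a` and `mx` would need DNS lookups and are skipped).

```python
import ipaddress

# Thresholds from the thread: bigger than a class C (/24) is suspicious,
# bigger than a class B (/16) is very suspicious.
CLASS_C = 2 ** 8
CLASS_B = 2 ** 16

def spf_ipv4_coverage(record):
    """Count distinct IPv4 addresses authorized by literal ip4: mechanisms.
    Returns None when the record passes every sender (+all / bare all)."""
    nets = []
    for term in record.split()[1:]:           # skip the "v=spf1" version tag
        qualifier = "+"                        # SPF default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name = term.lower()
        if name == "all" and qualifier == "+":
            return None                        # authorizes the whole Internet
        if qualifier != "+" or not name.startswith("ip4:"):
            continue                           # only count mechanisms that yield pass
        # A bare address with no prefix length is treated as a /32.
        nets.append(ipaddress.ip_network(term[4:], strict=False))
    # Merge overlapping or adjacent ranges so no address is counted twice.
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

def breadth_label(record):
    """Map the authorized address count onto the thread's two thresholds."""
    count = spf_ipv4_coverage(record)
    if count is None or count > CLASS_B:
        return "very suspicious"
    if count > CLASS_C:
        return "suspicious"
    return "ok"

if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    samples = [
        "v=spf1 ip4:192.0.2.0/24 ip4:192.0.2.128/25 -all",
        "v=spf1 ip4:10.1.0.0/16 ~all",
        "v=spf1 ip4:10.0.0.0/15 -all",
        "v=spf1 +all",
    ]
    for rec in samples:
        print(f"{breadth_label(rec):16} {rec}")
```
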