Meng Weng Wong wrote:
On Aug 27, 2007, at 11:39 AM, Kelson wrote:
Jason Bertoch wrote:
Is it wise to blacklist both, or is this yet another case where SPF
has failed
to meet projections?
It's a case where the spammer has just handed you useful information:
You know for sure that the domain name is, indeed, the spammer's
domain name, and not an innocent third-party's. Blacklist it without
hesitation!
Yes, that usage was exactly the design intent of SPF.
Once you move from IP to domain reputation, you can do many
interesting things.
For example, you can go from the known-bad domain to its nameservers.
You can then go from those nameservers to detect other bad domains.
The URIBL plugin associates URL -> domain -> IP -> reputation lookup.
I am writing a similar plugin that associates domain -> NS ->
reputation lookup.
Meng - you are doing the email community a huge disservice with SPF. I
wish you'd just end this lie because SPF is less than useless. I breaks
existing forwarding standards and it causes false positives. SPF DOESN'T
WORK!
