On Tue, 9 Feb 2010 14:15:37 -0500 dar...@chaosreigns.com wrote: > On 02/09, RW wrote: > > A compromised webserver with full-circle DNS would be caught by > > this. My point is that is the only class of spam that this could > > help with > > Ah, sorry, I thought you meant mail server. > > Still, I don't understand why you're saying this. > > It would also block, for example, spam from a dynamic cablemodem IP.
Aside from a few corner cases, I don't see any advantage over checking for full circle DNS > And everything that it didn't block could be blocked by blacklisting > domains which have MTX records for spamming IPs. The same thing applies to full circle DNS > > Every thing else is either handled by full-circle and no DNS tests, > > Full circle DNS tests don't block spam from quite a lot of IPs. But how many of those are neither mail-servers, nor spammer controlled ip ranges. My guess is that the kind of spam your scheme would identify is mostly caught by other means. The chief problem is that there is no way to use this scheme until it has *very* high adoption, below 95% it wouldn't even be worth scoring at 0.5 in Spamassassin. With SPF you at least know the difference between a fail and a non-adopter. Whilst you could identify compliant servers there's no way that that would warrant anthing more than a nominal negative score. SPF_PASS scores -0.001 > > or can be easily worked around by spammers setting their own dns. > > Spammers can't create DNS records for hostnames for IPs they don't own > (don't have PTR authority delegated to them for). I was referring to IP ranges that they do control