[TriLUG] Another seal broken... thinking of installing a C/R anti-spam system
Brad Jorsch
anomie at users.sourceforge.net
Sun Jan 28 17:51:17 EST 2007
On Sun, Jan 28, 2007 at 02:54:50PM -0500, Daniel Sterling wrote:
>
> Basically, right now, we have IP-based RBLs. If all SMTP traffic were
> authenticated via SPF/DomainKeys, etc, we could instead have
> domain-based blacklists, which would raise the barrier to entry to
> sending email. Spammers would adapt by buying many domains and using
> distributed botnets to mass-sign messages, but this would be easier to
> defend against.
Personally, I think SPF looks fairly broken. It tries listing every
allowed sending host for a domain in one record, and has all sorts of
cruft to try to acount for possibilities of legitimate mail being sent
from other hosts.
CSV has a nicer approach, IMO. Lookup the HELO, get a list of SRV
records for hosts that can use that HELO. Then you can BL on the HELO.
I haven't looked into DKIM (the successor to DomainKeys) enough to have
much opinion. Except that i'm not sure the absence of a particular DKIM
signature can be enough to tell you the message is illegitimate any more
than I think SPF can tell you every possible server that can send
legitimate mail from a domain...
More information about the TriLUG
mailing list