[unisog] Numeric SPAM

Micheal Cottingham micheal.cottingham at sv.vccs.edu
Tue Jun 6 16:27:16 GMT 2006


It was my understanding that the spammers were using the forged envelope
sender as the person they were sending to. If I misread that, perhaps I
should eat some more sugar to wake up. :D For my personal domains at
least, I do use a -all for hardfail. I also use some filtering on my
Exim install, SpamAssassin with some custom rulesets and the added bonus
of teergrube, graylisting, and various other tricks, and soon I'll be
adding DCC to the mix. So no, I don't add all my eggs to the SPF basket.
:) That aside, I've still not seen anything come across work or personal
domain or gmail account.

Valdis.Kletnieks at vt.edu wrote:
> On Tue, 06 Jun 2006 11:23:39 EDT, Micheal Cottingham said:
>   
>> For my personal servers I use SPF, so I'll probably not see any of
>> these.
>>     
>
> SPF will only block it if the spammer is using a purported From: that
> actually has a published SPF value that ends with a -all hardfail.  Between
> the 70% or more domains that don't publish an SPF, and the majority that
> *do* publish but end it with a ~all softfail, SPF won't be making much of
> a dent.
>
> And that's probably SPF's biggest problem - you can't really *rely* on it
> to stop forgeries until a vast majority of sites publish a hardfail SPF,
> including *all* the 800-pound gorillas.  AOL has a ?all, Hotmail and MSN
> both show a ~all.  And so on.
>   
>   
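The distinction the thread turns on (-all hardfail, ~all softfail, ?all neutral, or no SPF record at all) can be checked mechanically. The following is an added example, not part of the original posts: it classifies a domain's TXT records by the result SPF gives an unlisted sender, using RFC 7208 qualifier semantics. The function names and the sample domains and records are constructed for illustration.

```python
import re

# Result that the trailing "all" mechanism gives a sender matching nothing earlier
# (qualifier semantics per RFC 7208; a bare "all" means "+all").
ALL_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def default_result(txt_records):
    """Classify a domain's TXT records by what SPF says about an unlisted sender."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none"        # no SPF published: nothing to check against
    if len(spf) > 1:
        return "permerror"   # more than one SPF record is an error
    redirect = False
    for term in spf[0].lower().split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term)
        if m:                # terms after "all" are never evaluated
            return ALL_RESULT[m.group(1) or "+"]
        redirect = redirect or term.startswith("redirect=")
    # No "all": a redirect defers to another domain, otherwise the result is neutral.
    return "redirect" if redirect else "neutral"

def rejectable(txt_records):
    """True only when a forged envelope sender would get a hard SPF fail."""
    return default_result(txt_records) == "fail"

# Constructed sample data (not real DNS answers), one entry per sender domain.
SAMPLE = {
    "hardfail.example": ["v=spf1 mx ip4:192.0.2.0/24 -all"],
    "softfail.example": ["v=spf1 include:_spf.softfail.example ~all"],
    "neutral.example": ["v=spf1 a ?all"],
    "nospf.example": ["unrelated=constructed"],
    "noall.example": ["v=spf1 mx"],
}

def summarize(domains):
    """Map each domain name to its default SPF result."""
    return {name: default_result(recs) for name, recs in domains.items()}

if __name__ == "__main__":
    for name, result in summarize(SAMPLE).items():
        print(f"{name:20} {result:10} reject forged mail: {result == 'fail'}")
```

Only the first sample domain yields a result a receiver can reject on; the others leave the forged message to content filtering.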


