[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Re: SPF abused by spammers

To: asrg at ietf.org
Subject: Re: [Asrg] Re: SPF abused by spammers
From: Seth Breidbart <sethb at panix.com>
Date: Fri, 10 Sep 2004 11:05:28 -0400 (EDT)
In-reply-to: <20040910141730.GM44802@Space.Net> (message from Markus Stumpf on Fri, 10 Sep 2004 16:17:30 +0200)
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <C6DDA43B91BFDA49AA2F1E473732113E010BEB69@mou1wnexm05.vcorp.ad.vrsn.com> <A86FFBE0-02BB-11D9-97F8-000393DC31DA@bloomington.in.us> <20040910115033.GK44802@Space.Net> <56152ae9040910055755d8ad1d@mail.gmail.com> <20040910141730.GM44802@Space.Net>
Sender: asrg-bounces at ietf.org

It's an arms race, as always.  No single weapon wins.

SPF helps.  Here's how, in the presence of domain-burning
SPF-publishing spammers:

1. Greylisting:  Email from a new domain that passes SPF is greylisted
   for 30 minutes.

2. Spamtraps: Email that hits a spamtrap, and which passes SPF, causes
   the domain to be blacklisted.  This will typically take well under
   30 minutes for a serious spam run.

3. When the greylisting expires, the domain is blacklisted.

The spammer has an incentive to push out crap quickly, in order to get
a lot past the non-greylisting receivers before he hits the blacklist;
he also has an incentive to push crap out slowly, hoping to get some
through to the greylisting sites before he hits the blacklists.

Seth

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] Re: SPF abused by spammers
  - From: Barry Shein
- Re: [Asrg] Re: SPF abused by spammers
  - From: Markus Stumpf
- RE: [Asrg] Re: SPF abused by spammers
  - From: Tim Bedding

References:
- RE: [Asrg] Re: SPF abused by spammers
  - From: Hallam-Baker, Phillip
- Re: [Asrg] Re: SPF abused by spammers
  - From: Jim Witte
- Re: [Asrg] Re: SPF abused by spammers
  - From: Markus Stumpf
- Re: [Asrg] Re: SPF abused by spammers
  - From: Peter Bowyer
- Re: [Asrg] Re: SPF abused by spammers
  - From: Markus Stumpf

Prev by Date: Re: [Asrg] Re: SPF abused by spammers
Next by Date: Re: [Asrg] Re: SPF abused by spammers
Previous by thread: Re: [Asrg] Re: SPF abused by spammers
Next by thread: RE: [Asrg] Re: SPF abused by spammers
Index(es):
- Date
- Thread