
Re: [Asrg] Re: SPF abused by spammers



On September 10, 2004 at 11:05 sethb at panix.com (Seth Breidbart) wrote:
 > It's an arms race, as always.  No single weapon wins.

This is a cliche which could apply just as well to painting ourselves
blue and dancing a cha-cha.

 > SPF helps.  Here's how, in the presence of domain-burning
 > SPF-publishing spammers:
 > 
 > 1. Greylisting:  Email from a new domain that passes SPF is greylisted
 >    for 30 minutes.

What about from the huge dialup/ppp domain pools like AOL, ATT,
earthlink, tiscali, interbusiness, tpnet.pl, retevision.es,
prod-infinitum.mx, plala.or.jp, hkcable.com.hk, comcast, verizon, etc
etc etc etc.?

Because it's zombie'd PCs on those broadband nets which account for
nearly all the spam.

 > 2. Spamtraps: Email that hits a spamtrap, and which passes SPF, causes
 >    the domain to be blacklisted.  This will typically take well under
 >    30 minutes for a serious spam run.
 > 
 > 3. When the greylisting expires, the domain is blacklisted.
 > 
 > The spammer has an incentive to push out crap quickly, in order to get
 > a lot past the non-greylisting receivers before he hits the blacklist;
 > he also has an incentive to push crap out slowly, hoping to get some
 > through to the greylisting sites before he hits the blacklists.

This is a vague, probabilistic attack on an outdated method of
spamming.

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
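
Added example, not part of the original message or the thread: a minimal Python model of the three-step policy quoted above (greylist a new SPF-passing domain for 30 minutes, blacklist the domain on a spamtrap hit), replayed over constructed events. The class and function names, the `.example` domains and addresses, and the reading of step 3 as "accept once the window has expired unless a trap hit has blacklisted the domain" are assumptions.

```python
from dataclasses import dataclass, field

GREYLIST_SECONDS = 30 * 60  # the 30-minute window from step 1


@dataclass
class DomainPolicy:
    """Hypothetical per-domain state for the quoted greylist/spamtrap scheme."""
    spamtraps: set                                   # constructed trap addresses
    first_seen: dict = field(default_factory=dict)   # domain -> time first seen
    blacklist: set = field(default_factory=set)

    def check(self, domain, spf, rcpt, now):
        """Return 'reject', 'tempfail', 'accept' or 'no-policy' for one message."""
        if spf != "pass":
            # Assumption: the scheme keys only on SPF-authenticated domains.
            return "no-policy"
        if domain in self.blacklist:
            return "reject"
        if rcpt in self.spamtraps:
            self.blacklist.add(domain)               # step 2: trap hit
            return "reject"
        first = self.first_seen.setdefault(domain, now)
        if now - first < GREYLIST_SECONDS:
            return "tempfail"                        # step 1: new domain
        return "accept"                              # step 3 (assumed reading)


def run_demo():
    """Replay constructed events: (domain, spf result, recipient, seconds)."""
    policy = DomainPolicy(spamtraps={"trap@rcpt.example"})
    # A long-established ISP domain is not "new", so step 1 never applies to it.
    policy.first_seen["bigisp.example"] = -86400
    events = [
        ("burner.example", "pass", "user@rcpt.example", 0),
        ("burner.example", "pass", "trap@rcpt.example", 600),
        ("burner.example", "pass", "user@rcpt.example", 1900),
        ("quiet.example", "pass", "user@rcpt.example", 0),
        ("quiet.example", "pass", "user@rcpt.example", 1800),
        ("bigisp.example", "pass", "user@rcpt.example", 0),
        ("nospf.example", "none", "user@rcpt.example", 0),
    ]
    return [policy.check(*event) for event in events]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```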