--On 12 January 2009 12:41:31 -0500 Chris Lewis <clewis at nortel.com> wrote:
Ian Eiloart wrote:Of course they could, but wouldn't they be better advised to take responsibility for their domains, thus preventing me from having to deal with spam sent "from" their domain?Please describe a _practical_ way to deal with Russian or Ukrainian virus/botspammers forging our domains in their spewage.
Practical. Well, you're doing more than many people do. What I'm suggesting isn't going to fix the problem overnight, and not for any specific individual. This is a political issue, now given that the technologies exist. To solve the political problem, we need to convince others to publish the records, and to respect them.
When enough people are respecting SPF records with strong policies, then spammers will stop using domains that publish those records. They need their spam to be deliverable. Of course, that doesn't mean that they'll stop spamming, just that they'll stop using your domain. You'll benefit from reduced spam blowback. You'll benefit from improved reputation. You can benefit now by respecting your own SPF records - thus preventing spammers from spoofing "internal" email.
SPF? DKIM? We do SPF. We may end up doing DKIM some day. But it won't make a significant difference to what is being _sent_.
This is vaguely reminiscent of the complainer who, when I pointed out that our domain in his complaint was forged, replied with "well, you must be doing something bad if they're forging you like that". Splorf. "Bad" for whom? ;-) _______________________________________________ Asrg mailing list Asrg at irtf.org http://www.irtf.org/mailman/listinfo/asrg
-- Ian Eiloart IT Services, University of Sussex x3148 _______________________________________________ Asrg mailing list Asrg at irtf.org http://www.irtf.org/mailman/listinfo/asrg