Spammers Skirt IP Authentication Attempts
Dan Mahoney, System Admin
danm at prime.gushi.org
Mon Sep 6 20:24:24 UTC 2004
On Mon, 6 Sep 2004, Sean Donelan wrote:
Hrmmm, perhaps this hasn't been thought of yet, but this is a serious idea
for things like spamassassin, or the like. For this list of domains, a
decent twofold effort could happen:
1) A decent push on the part of pobox.com (previously, their focus has
been on protecting lots of senders, like AOL, or Earthlink), rather than
commonly-forged-phishers, to get these folks on board.
2) A big old warning (possibly for these domains themselves to opt into)
as a "we know we're high risk but we have an SPF record, please check it"
RDNSL.
It could even be used in some cases with SpamAssassin to inject a link
into the email for the location to report such forgeries. (Such info
could be kept in the RDNSL, for example).
Knowledge is Power.
-Dan
>
> Although SenderID (or whatever the final name is) is not completed yet,
> SPF has been around for a while and some people have been using it. But
> who? Do domains with SPF records have fewer phishing attacks? Fewer
> virus bounce-backs? Fewer spam forgiers?
>
> According to the Anti-Phishing Working Group, these are the most phished
> companies. How many are using SPF? I checked the most obvious domain name
> for the companies (.COM and their country variant e.g. .CO.UK)
>
> Company Name Has SPF TXT record
>
> Citibank NO
> eBay NO
> US Bank NO
> Paypal NO
> Fleet NO
> LLoyds NO
> Barclays NO
> AOL YES
> Halifax NO
> Westpac NO
> FirstUSA NO
> VISA NO
> Earthlink YES
> e-gold NO
> Bank One NO
> Bendigo NO
> HSBC NO
> MBNA NO
> Suntrust NO
> Verizon NO
>
--
"there is no loyalty in the business, so we stay away from things that piss people off"
-The Boss, November 12, 2002
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
More information about the NANOG
mailing list