Spammers Skirt IP Authentication Attempts

Dan Mahoney, System Admin danm at prime.gushi.org
Mon Sep 6 20:24:24 UTC 2004


On Mon, 6 Sep 2004, Sean Donelan wrote:

Hrmmm, perhaps this hasn't been thought of yet, but this is a serious idea 
for things like spamassassin, or the like.  For this list of domains, a 
decent twofold effort could happen:

1) A decent push on the part of pobox.com (previously, their focus has 
been on protecting lots of senders, like AOL, or Earthlink), rather than 
commonly-forged-phishers, to get these folks on board.

2) A big old warning (possibly for these domains themselves to opt into) 
as a "we know we're high risk but we have an SPF record, please check it" 
RDNSL.

It could even be used in some cases with SpamAssassin to inject a link 
into the email for the location to report such forgeries.  (Such info 
could be kept in the RDNSL, for example).

Knowledge is Power.

-Dan

>
> Although SenderID (or whatever the final name is) is not completed yet,
> SPF has been around for a while and some people have been using it.  But
> who?  Do domains with SPF records have fewer phishing attacks?  Fewer
> virus bounce-backs?  Fewer spam forgiers?
>
> According to the Anti-Phishing Working Group, these are the most phished
> companies.  How many are using SPF? I checked the most obvious domain name
> for the companies (.COM and their country variant e.g. .CO.UK)
>
> Company Name		Has SPF TXT record
>
> Citibank		NO
> eBay			NO
> US Bank			NO
> Paypal			NO
> Fleet			NO
> LLoyds			NO
> Barclays		NO
> AOL			YES
> Halifax			NO
> Westpac			NO
> FirstUSA		NO
> VISA			NO
> Earthlink		YES
> e-gold			NO
> Bank One		NO
> Bendigo			NO
> HSBC			NO
> MBNA			NO
> Suntrust		NO
> Verizon			NO
>

--

"there is no loyalty in the business, so we stay away from things that piss people off"

-The Boss, November 12, 2002

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------




More information about the NANOG mailing list