Spammers Skirt IP Authentication Attempts
Edward B. Dreger
eddy+public+spam at noc.everquick.net
Mon Sep 6 22:36:54 UTC 2004
JB> Date: Mon, 06 Sep 2004 13:42:22 -0600
JB> From: Jawaid Bazyar
JB> 1) Domains spammers own will quickly become blacklisted.
JB> Spammers will be forced to purchase register tons of
JB> domains in order to continue spamming. However their
Or use SPF-less domains.
JB> 2) Pressure will quickly mount on domains that don't
JB> facilitate authentication, with the effect snowballing
JB> over time. This will ensure system-wide adoption of close
JB> to 100% fairly quickly.
There's a spark of optimism buried deep inside me that really
wants to believe that. SAV has made me more cynical. :-/
JB> There's something else you're not granting here, however.
JB> Once the domains that are commonly used for forged headers
JB> get "protected" with an authentication mechanism, I as a
JB> system administrator no longer have to spend excessive time
JB> and effort trying to distinguish between spam with that
JB> domain name and legitimate email with that domain name.
Agreed entirely; IIRC, I think I said something similar a few
weeks back. SPF is a useful data point -- we use ~19 RBLs as
data inputs, and no one can authoritatively nail email as spam.
Even if "SPF pass" is totally useless, I'd be surprised if "SPF
fail" didn't indicate a high probability of spam.
JB> Instead of lookups on numerous RBLs and numerous other CPU
JB> and network-intensive checks, I can simply trust email from
JB> aol.com, msn.com, hotmail.com, yahoo.com - and these comprise
JB> enough of my email load that I will get an instant resource
JB> utilization benefit from knowing that email from @yahoo.com
JB> is really from @yahoo.com and short-circuiting all the spam
JB> checks I usually do.
Very good point. No disagreement here. However, I didn't like
the article's overgeneralized "News flash! whitelisting all 'SPF
pass' entries will let spam by!" attitude. Anyone whitelisting
mail that has a valid SPF entry is nuts.
JB> Thus even if authentication should never become 100% and even
JB> if it doesn't stop spam, I still get a net benefit.
Definitely. It's increased information... not enough for
"perfect" decisions, but enough for "better" decisions.
Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
More information about the NANOG
mailing list