spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From RW <rwmailli...@googlemail.com>
Subject Re: Spam filtering similar to SPF, less breakage
Date Tue, 09 Feb 2010 22:29:12 GMT
On Tue, 9 Feb 2010 14:15:37 -0500
Darxus@ChaosReigns.com wrote:

> On 02/09, RW wrote:
> > A compromised webserver with full-circle DNS would be caught by
> > this. My point is that is the only class of spam that this could
> > help with
> 
> Ah, sorry, I thought you meant mail server.
> 
> Still, I don't understand why you're saying this.
> 
> It would also block, for example, spam from a dynamic cablemodem IP.

Aside from a few corner cases, I don't see any advantage over checking
for full circle DNS

> And everything that it didn't block could be blocked by blacklisting
> domains which have MTX records for spamming IPs.

The same thing applies to full circle DNS

> > Every thing else is either handled by full-circle and no DNS tests,
> 
> Full circle DNS tests don't block spam from quite a lot of IPs.

But how many of those are neither mail-servers, nor spammer controlled
ip ranges. My guess is that the kind of spam your  scheme would
identify is mostly caught by other means.

The chief problem is that there is no way to use this scheme until it
has *very* high adoption, below 95% it wouldn't even be worth scoring
at 0.5 in Spamassassin. With SPF you at least know the difference
between a fail and a non-adopter. Whilst you could identify compliant
servers there's no way that that would warrant anthing more than a
nominal negative score. SPF_PASS scores -0.001


> > or can be easily worked around by spammers setting their own dns.
> 
> Spammers can't create DNS records for hostnames for IPs they don't own
> (don't have PTR authority delegated to them for).

I was referring to IP ranges that they do control

Mime
View raw message