Eugene Smiley on 1 Sep 2005 00:47:14 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Verizon blacklist?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

George A. Theall wrote:
> On Wed, Aug 31, 2005 at 03:58:15PM -0400, Eugene Smiley wrote:
>
>>> Let me turn that around... What good are such whitelists when
>>> spammers are on one hand publishing SPF records and on the
>>> other injecting mail through means that SPF records claim are
>>> acceptable?
>>
>>RHSBLs.
>
> ...
>
>>Straight from the FAQ:
>
> How about the second half of my question? Recently, approximately
> 25% of my spam load comes directly from Hotmail (eg,
> "bay15-f3.bay15.hotmail.com"). While I haven't bothered to check,
> I assume @hotmail.com mail originating from such hosts is ok
> according to their SPF records.

If you don't check then how do you know that it's really coming from
bay15-f3.bay15.hotmail.com? It's just as easy to spoof received lines
as it is to spoof FROM and MAIL FROM...

You are also relating to the wrong part of the email. What SPF
Classic checks is the MAIL FROM aka ENVELOPE FROM, and unless your
MTA is set up to add an Envelope-From: header line you'll never know
what it is once the message is accepted by the SMTP server. It just
disappears. You might be able to find it in the logs, but it won't be
fun.




-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQxZPNOkD7QKn7f0vEQJ6LwCdHo4xDTnOkcfHl7UJBP6/KvRlSp0AoKvU
C4tqydaJMVoU/UpJW8CMUbbf
=fkeR
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug