[77777] in North American Network Operators' Group
Sender authentication & zombies (was Re: Time to check the rate limits on your mail servers)
daemon@ATHENA.MIT.EDU (J.D. Falk)
Sat Feb 5 12:39:59 2005
Date: Sat, 5 Feb 2005 09:39:31 -0800
From: "J.D. Falk" <jdfalk@cybernothing.org>
To: nanog@merit.edu
In-Reply-To: <1107555052.10107.48.camel@SJC-Office-DHCP-156.mail-abuse.org>
Errors-To: owner-nanog-outgoing@merit.edu
On 02/04/05, Douglas Otis <dotis@mail-abuse.org> wrote:
> Attempting to detect spam trickled through thousands of compromised
> systems sent through the ISP's mail servers, SPF does nothing,
Nor is it purported to. Domain-based authentication schemes
are intended to handle an entirely different problem.
> and could
> actually damage the reputation of those domains that authorize the
> provider for their mailbox domain using SPF. These records can be read
> by the spammers and then exploited. Repairing this reputation could be
> next to impossible.
You touch on some basic realities here:
1. spam coming out of your network will affect your
reputation.
2. spam coming out of your own mail machines will affect
your reputation even more immediately.
Neither are affected by any of the domain authentication schemes
currently in play (SPF, SenderID, DomainKeys, etc.) The spam
itself may include forgeries, but that's a different issue.
--
J.D. Falk uncertainty is only a virtue
<jdfalk@cybernothing.org> when you don't know the answer yet
