Re: Returned mail spam - SpamAssassin

This is a discussion on Re: Returned mail spam - SpamAssassin ; Matus UHLAR - fantomas wrote: >>>>> But back on topic... the OP has been joe-jobbed. >>>>> > > >>> mouss wrote: >>> >>>> he's not the only one... seems there's a lot of backscatter coming in >>>> these days. >>>> ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: Returned mail spam

  1. Re: Returned mail spam

    Matus UHLAR - fantomas wrote:
    >>>>> But back on topic... the OP has been joe-jobbed.
    >>>>>

    >
    >
    >>> mouss wrote:
    >>>
    >>>> he's not the only one... seems there's a lot of backscatter coming in
    >>>> these days.
    >>>>
    >>>> Thanks for confirming that spf doesn't fix the problem.
    >>>>

    >
    > SPF is designed to fix the problem,


    ahuh? how would spf fix the problem if spam gets out from an authorized
    client (yahoo, google, hotmail, aol, ...). however you respond, you'll
    find out that such (ougoing) spam problem isn't fixed _by_ SPF. In
    particular, don't tell me "they will fix their outgoing spam".

    > however as many other standards it works
    > only if it's implemented.
    >
    >
    >> Steve Prior wrote:
    >>
    >>> The main problem with SPF is that most other servers out there don't
    >>> check it even if you set your own records correctly.
    >>>

    >
    > On 10.04.08 09:29, mouss wrote:
    >
    >> The question was whether spammers avoid joe jobbing addresses in domains
    >> that have SPF set (except with a +all). it seems some of them do and
    >> some don't.
    >>

    >
    > however some people can make false assumption that SPF is useless - it is
    > not. It is always good to have SPF (and DKIM, of course) and the more
    > servers will implement it, the more effe3ctive it will be.
    >
    >


    while I don't say that SPF is useless, you'll have a hard time
    convincing me that "it is always good to have SPF...".

    I personally have found that SPF causes more problems than it helps, and
    for that I do not recommend setting SPF record for "general use" domains.



  2. Re: Returned mail spam

    "mouss" wrote in message
    news:ftlb2t$1nqe$1@FreeBSD.csie.nctu.edu.tw...
    > Matus UHLAR - fantomas wrote:
    > >>>>> But back on topic... the OP has been joe-jobbed.
    > >>> mouss wrote:
    > >>>
    > >>>> he's not the only one... seems there's a lot of backscatter coming in
    > >>>> these days.
    > >>>>
    > >>>> Thanks for confirming that spf doesn't fix the problem.
    > >>>>

    > >
    > > SPF is designed to fix the problem,

    >
    > ahuh? how would spf fix the problem if spam gets out from an authorized
    > client (yahoo, google, hotmail, aol, ...). however you respond, you'll
    > find out that such (ougoing) spam problem isn't fixed _by_ SPF. In
    > particular, don't tell me "they will fix their outgoing spam".


    SPF isn't an anti-spam measure. It is an anti-FORGERY measure. You are
    correct that one can still get spammed from an "authorized source." Note
    that such strengthens the claim that the source IS the source of spam - i.e.
    the spammer cannot hide - one knows his domain. Same thing with domainkeys.
    The method only verifies its origin, not its content. Neither of these will
    stop spam from a botnet running a node on your infected machine - but will
    verify that you are in fact the source.



+ Reply to Thread