SPF wildcards by spammers
Scott Silva
ssilva at sgvwater.com
Tue Sep 4 23:03:35 IST 2007
Hugo van der Kooij spake the following on 9/4/2007 2:43 PM:
> Hi,
>
> I was debugging a Barracuda when I noticed an interresting thing. I saw
> email coming in from a domain which is clearly for spam related to those
> blue pills for men.
>
> They have a SPF record but it is a "everything goes" one. I guess it is
> intended to try to bypass filters.
>
> If it becomes more common we might wish to use this knowledge to fight
> back against spammers.
>
> Hugo.
>
>
I see a lot of legit senders that are either testing SPF or are just clueless
and set their records this way. Even the wizard at the openspf site sets ~all
instead of -all, and people probably just run the wizard and copy and paste.
If the spamassassin people haven't bumped up a score over things like this, I
would have to say that it will have too many FP's. They have a large corpus of
messages to test against.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
More information about the MailScanner
mailing list