SPF wildcards by spammers

Matt Kettler mkettler at evi-inc.com
Tue Sep 4 23:09:28 IST 2007


Hugo van der Kooij wrote:
> Hi,
> 
> I was debugging a Barracuda when I noticed an interresting thing. I saw 
> email coming in from a domain which is clearly for spam related to those 
> blue pills for men.
> 
> They have a SPF record but it is a "everything goes" one. I guess it is 
> intended to try to bypass filters.
> 
> If it becomes more common we might wish to use this knowledge to fight 
> back against spammers.
> 

Interesting.. Stupid on their part, but interesting.

This is definitely something we can use against them, and something that offers 
the spammer no benefit (unless someone has badly misused SPF).

I'm pretty sure it would be easy to add a rule for this to SpamAssassin.. might 
require a little rewrite of the SPF plugin code, but if it becomes common 
enough, the SA devs would probably jump on it..






More information about the MailScanner mailing list