SPF wildcards by spammers
Matt Kettler
mkettler at evi-inc.com
Tue Sep 4 23:09:28 IST 2007
Hugo van der Kooij wrote:
> Hi,
>
> I was debugging a Barracuda when I noticed an interresting thing. I saw
> email coming in from a domain which is clearly for spam related to those
> blue pills for men.
>
> They have a SPF record but it is a "everything goes" one. I guess it is
> intended to try to bypass filters.
>
> If it becomes more common we might wish to use this knowledge to fight
> back against spammers.
>
Interesting.. Stupid on their part, but interesting.
This is definitely something we can use against them, and something that offers
the spammer no benefit (unless someone has badly misused SPF).
I'm pretty sure it would be easy to add a rule for this to SpamAssassin.. might
require a little rewrite of the SPF plugin code, but if it becomes common
enough, the SA devs would probably jump on it..
More information about the MailScanner
mailing list