SPF for forgery prevention (was Re: [linux-elitists] http get vs post...)
Sat Oct 25 21:28:58 PDT 2003
On Sun, Oct 26, 2003 at 02:11:15AM +0000, Karsten M. Self wrote:
> on Sat, Oct 25, 2003 at 02:03:36PM -0700, Josh Neal (email@example.com) wrote:
> > On Sat, Oct 25, 2003 at 04:15:15AM +0100, Karsten M. Self wrote:
> > >
> > > Better: come up with a system that works, immediately, if _one_ end of
> > > the system is smart, isn't vulnerable to misleading information from a
> > > remote host. And has minimal downsides in the event someone's
> > > wires get crossed over whether or not a host is valid.
> > Isn't this what http://www.senderbase.org/ provides?
> > [ Disclaimer: my $DAYJOB is with IronPort ]
> You need to improve your marketing. I wasn't aware of this.
We're working on it. SenderBase (and its sister program, BondedSender) are still under development.
> And in answer to your question: not quite.
> Example: this IP turned up in a spam I received today:
> What I *don't* get, however, is what I specifically mentioned: the
> spamminess/hamminess of the IP. There _is_ useful information which can
> help confirm suspicions (e.g.: the sudden burst in traffic on this IP),
> but I don't see the specific information which would be most helpful.
Actually, you _do_ get this information, it's just not particularly obvious. Thethe SenderBase Reputation Score indicates where the IP falls on the spam/ham line. For your example, 188.8.131.52, the score is -1.4, indicating a possible spammer.
In the near future, the reputation score will be available through a DNSBL-style query. Documentation explaining how the score is derived should be available then as well.
"I would kill everyone in this room for a drop of sweet beer."
-- Homer Simpson
More information about the linux-elitists