SPF for forgery prevention (was Re: [linux-elitists] http get vs post...)

Josh Neal josh@unixmercenary.net
Sat Oct 25 21:28:58 PDT 2003

On Sun, Oct 26, 2003 at 02:11:15AM +0000, Karsten M. Self wrote:
> on Sat, Oct 25, 2003 at 02:03:36PM -0700, Josh Neal (josh@unixmercenary.net) wrote:
> > On Sat, Oct 25, 2003 at 04:15:15AM +0100, Karsten M. Self wrote:
> > > 
> > > Better:  come up with a system that works, immediately, if _one_ end of
> > > the system is smart, isn't vulnerable to misleading information from a
> > > remote host.  And has minimal downsides in the event someone's
> > > wires get crossed over whether or not a host is valid.
> > 
> > Isn't this what http://www.senderbase.org/ provides?
> > 
> > [ Disclaimer: my $DAYJOB is with IronPort ]
> You need to improve your marketing.  I wasn't aware of this.

We're working on it. SenderBase (and its sister program, BondedSender) are still under development.

> And in answer to your question:  not quite.
> Example:  this IP turned up in a spam I received today:
>     http://www.senderbase.org/search?searchString=
> What I *don't* get, however, is what I specifically mentioned:  the
> spamminess/hamminess of the IP.  There _is_ useful information which can
> help confirm suspicions (e.g.:  the sudden burst in traffic on this IP),
> but I don't see the specific information which would be most helpful.

Actually, you _do_ get this information, it's just not particularly obvious. Thethe SenderBase Reputation Score indicates where the IP falls on the spam/ham line. For your example,, the score is -1.4, indicating a possible spammer. 

In the near future, the reputation score will be available through a DNSBL-style query. Documentation explaining how the score is derived should be available then as well.


Josh Neal
"I would kill everyone in this room for a drop of sweet beer."
	-- Homer Simpson

More information about the linux-elitists mailing list