SPF for forgery prevention (was Re: [linux-elitists] http get vs post...)
Sun Oct 26 17:55:53 PST 2003
* Karsten M. Self <firstname.lastname@example.org> [2003-10-26 04:39+0000]
> Suppose that domain example.com is represented in a large number of
> received emails, many of which are spoofed spam. For a classifier, this
> would be associated with a relatively high spam predictive score.
> Suppose that there are specific originating IPs which tend _not_ to
> originate spam, though the mail is from 'example.com'. For a contextual
> filter which looks at both putative sender ('From: ') *and* the
> originating IP ('Received: from'), 'example.com' + 'good IP' will have a
> low (probably negative) spam score. _Other_ combinations of example.com
> + 'arbitrary IP' will have high scores. This information will be based
> on the experience and assessment of the local site itself, and isn't
> sensitive to the ability of example.com to keep its DNS SPF records up
> to date.
Sounds good; do you happen to know if something like that has
been deployed, in e.g. spamassassin?
I have been using a simple whitelist system based on From: lines
for a few years, and I'm quite happy with it but some time ago
realized I might be better off whitelisting relay IP addresses
than From: lines. (but haven't made time to implement that)
Gerald Oskoboiny <email@example.com>
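The contextual filter described in the quoted message, as an added example that is not part of the original thread and is not SpamAssassin code: a small log-odds scorer keyed on the `From:` domain and on the (domain, relay IP) pair. The class and function names, the add-one smoothing, the fallback to the domain-only score, and the sample messages (built from documentation-range IPs) are all assumptions made for illustration.

```python
import math
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def features(raw):
    """Return (From: domain, relay IP) for one raw message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # msg.get() returns the top-most Received: header, the one stamped by
    # the local MTA; headers below it are supplied by the sender.
    m = _IP.search(msg.get("Received", ""))
    return domain, (m.group(1) if m else None)

class ContextualScorer:
    """Log-odds spam score keyed on domain and on (domain, IP)."""
    def __init__(self):
        self.spam, self.ham = Counter(), Counter()

    def train(self, raw, is_spam):
        domain, ip = features(raw)
        table = self.spam if is_spam else self.ham
        table[domain] += 1
        table[(domain, ip)] += 1

    def _log_odds(self, key):
        # Add-one smoothing keeps unseen keys finite.
        return math.log((self.spam[key] + 1) / (self.ham[key] + 1))

    def score(self, raw):
        domain, ip = features(raw)
        pair = (domain, ip)
        # Local experience with this exact pair wins; otherwise fall back
        # to the domain's overall reputation.
        if self.spam[pair] + self.ham[pair]:
            return self._log_odds(pair)
        return self._log_odds(domain)

def make(sender, ip):  # constructed sample message
    return (f"Received: from relay ([{ip}]) by mx.local.test\n"
            f"From: {sender}\nSubject: hi\n\nbody\n")

def demo():
    s = ContextualScorer()
    for i in range(1, 21):                      # spoofed spam, many IPs
        s.train(make("promo@example.com", f"203.0.113.{i}"), True)
    for _ in range(5):                          # real mail, one relay
        s.train(make("alice@example.com", "192.0.2.10"), False)
    good = s.score(make("alice@example.com", "192.0.2.10"))
    other = s.score(make("alice@example.com", "198.51.100.7"))
    return good, other
```

`demo()` returns a negative score for example.com mail arriving from the known-good relay and a positive score for the same sender arriving from an IP the site has never seen, with no SPF lookup involved.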