Educause Security Discussion mailing list archives
Re: Blacklists - URL and IP
From: Information Security <infosecurity () UTPA EDU>
Date: Thu, 16 Jun 2005 15:31:15 -0500
I believe in SPF records, it is that I do not think they help much now. I will keep 'reminding' our enterprise mail administrators about the need to check mail going through our relays for SPF records and just dropping spam without a reject message that causes additional clutter in the Ether.
That's a waste of time. Spammers have more SPF records in place than legitimate senders. SPF only works in conjunction with a white list. For example you might have a small list of companies such as eBay, Yahoo, etc, and reject mail from those domains which don't match their SPF records. However you cannot make any conclusions at all about a domain who you do not specifically know, based on the presence or absence of an SPF record. SPF is a big fat waste of time in my opinion. Like most of these things sponsored by big corporations, they protect the so-called "legitimate mass mailers" more than they help reduce spam.

By the way, here at UTPA we have implemented greylisting coupled with a short (about 100 entries) blacklist compiled manually by examining spam headers and cross-checking against other lists to confirm they are egregious spammers; we no longer have a spam problem. Greylisting is so effective that there is hardly any spam left for our 'traditional' Bayesian filter.

Graham

PS You're right about dropping mail at the MTA. I don't think you should *ever* send an email to say that an email has been rejected, nowadays.
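The policy described in the message above (a manual blacklist, SPF acted on only for a short list of known domains, then greylisting), sketched as an added example that is not part of the original message and not UTPA's configuration. The IP addresses, domain list, delay and SMTP reply codes are constructed assumptions, and the greylisting shown is the common (client IP, sender, recipient) triplet form.

```python
import time

# Constructed sample data; none of it comes from the message or from UTPA.
BLACKLIST = {"203.0.113.7"}               # manually compiled sender IPs
SPF_ENFORCED = {"ebay.com", "yahoo.com"}  # domains we specifically know
GREYLIST_DELAY = 300                      # assumed seconds before a retry is accepted


class MailPolicy:
    """Decide, during the SMTP session, how to answer one RCPT TO.

    Every refusal is an in-session reply code, so this side never
    generates a separate rejection e-mail.
    """

    def __init__(self, clock=time.time):
        self.clock = clock
        self.first_seen = {}  # (ip, sender, rcpt) -> time of first attempt

    def decide(self, ip, sender, rcpt, spf_result):
        domain = sender.rpartition("@")[2].lower()

        # 1. Manual blacklist: refuse outright.
        if ip in BLACKLIST:
            return 554, "blacklisted"

        # 2. SPF is acted on only for domains on the known list.
        #    For any other domain the SPF result is ignored entirely.
        if domain in SPF_ENFORCED and spf_result == "fail":
            return 550, "spf-fail-known-domain"

        # 3. Greylisting: temp-fail the first attempt for a new triplet
        #    and accept once the sender retries after the delay.
        key = (ip, sender.lower(), rcpt.lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        if now - first < GREYLIST_DELAY:
            return 451, "greylisted"
        return 250, "accepted"


if __name__ == "__main__":
    policy = MailPolicy()
    print(policy.decide("198.51.100.9", "s@unknown.example", "u@example.edu", "fail"))
```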