Educause Security Discussion mailing list archives

Re: Blacklists - URL and IP


From: Information Security <infosecurity () UTPA EDU>
Date: Thu, 16 Jun 2005 15:31:15 -0500

I believe in SPF records, it is that I do not think they help much now. I will
keep 'reminding' our enterprise mail administrators about the need to check
mail going through our relays for SPF records and just dropping spam without
a reject message that causes additional clutter in the Ether.



That's a waste of time.  Spammers have more SPF records in place than
legitimate senders.

SPF only works in conjunction with a white list.  For example you might have
a small list of companies such as ebay, yahoo, etc, and reject mail from those
domains which don't match their SPF records.  However you cannot make any
conclusions at all about a domain who you do not specifically know, based on
the presence or absence of an SPF record.

SPF is a big fat waste of time in my opinion.  Like most of these things
sponsored by big corporations, they protect the so-called "legitimate mass
mailers" more than they help reduce spam.

By the way, here at UTPA we have implemented greylisting coupled with a short
(about 100 entries) blacklist compiled manually by examining spam headers and
cross-checking against other lists to confirm they are egregious spammers; we
no longer have a spam problem.  Greylisting is so effective that there is
hardly any spam left for our 'traditional' Bayesian filter.


Graham
PS You're right about dropping mail at the MTA.  I don't think you should
*ever* send an email to say that an email has been rejected, nowadays.
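
Added example, not part of the original message: a sketch of the policy ordering the post describes (manual blacklist, SPF acted on only for a small white list of known domains, greylisting for everything else, all verdicts given during the SMTP session so no rejection email is generated). The class and function names, the 300-second delay, the reply strings, the use of a (client IP, sender, recipient) triplet as the greylist key and the sample sessions are assumptions; the SPF result is taken as already computed.

```python
# Added illustration: names, the delay and all sample values are assumptions,
# not UTPA's actual configuration.
from dataclasses import dataclass, field

GREYLIST_DELAY = 300  # assumed: seconds before a retry of a new triplet is accepted


@dataclass
class Policy:
    blacklist: set     # short, manually compiled list of client IPs
    spf_known: set     # small white list of domains whose SPF results we act on
    first_seen: dict = field(default_factory=dict)  # triplet -> first attempt time

    def decide(self, client_ip, mail_from, rcpt_to, spf_result, now):
        """Return the SMTP reply given during the session; no bounce mail is sent."""
        if client_ip in self.blacklist:
            return "550 blacklisted"
        domain = mail_from.rsplit("@", 1)[-1].lower()
        # SPF is consulted only for domains we specifically know. For any other
        # domain a pass, a fail or a missing record leaves the verdict unchanged.
        if domain in self.spf_known and spf_result == "fail":
            return "550 SPF mismatch"
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        seen = self.first_seen.setdefault(triplet, now)
        if now - seen < GREYLIST_DELAY:
            return "451 greylisted"
        return "250 accepted"


# Constructed sessions: (client_ip, mail_from, rcpt_to, spf_result, time in seconds)
SESSIONS = [
    ("203.0.113.9", "promo@bulk.example", "user@campus.example", "pass", 0),
    ("198.51.100.7", "billing@ebay.com", "user@campus.example", "fail", 0),
    ("192.0.2.25", "alice@unknown.example", "user@campus.example", "pass", 0),
    ("192.0.2.25", "alice@unknown.example", "user@campus.example", "pass", 60),
    ("192.0.2.25", "alice@unknown.example", "user@campus.example", "pass", 900),
    ("192.0.2.40", "bob@other.example", "user@campus.example", "fail", 0),
]


def run_sample():
    policy = Policy(blacklist={"203.0.113.9"}, spf_known={"ebay.com", "yahoo.com"})
    return [policy.decide(*s) for s in SESSIONS]


if __name__ == "__main__":
    for session, verdict in zip(SESSIONS, run_sample()):
        print(session[0], session[1], "->", verdict)
```

The last constructed session shows the point about unknown domains: an SPF fail from a domain outside the white list is treated exactly like any other first contact and is only greylisted.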
