Security Incidents mailing list archives

Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}


From: Valdis.Kletnieks () vt edu
Date: Mon, 16 Oct 2006 22:40:13 -0400

On Mon, 16 Oct 2006 12:39:40 CDT, Paul Schmehl said:
> --On Monday, October 16, 2006 13:29:59 -0400 Valdis.Kletnieks () vt edu wrote:
>
>> What Paul is *trying* to do is deal with the fact that any Windows-like
>> box with spamware is *also* configured to send mail out.
>>
>> What he's *looking* for is called "SPF", not "outbound MX".
>
> For various reasons, which you can easily google, I don't think spf (at
> least in its present form) is a useful solution.

You think that SPF (where you ask what a site's expected outbound servers
are, to tell if you're getting it from an expected source) is broken,
but you think that looking at a site's list of *inbound* to identify
outbound servers is *sensible*??!?

I'm going to go out on a limb here, and predict that if *anything*, getting
mail *from* a site listed in an MX is a sign that it's probably spam.

Why?

If the site is large enough to hire a competent admin, they probably have a
split in/out configuration.  And if they outsourced to Postini or someplace,
again it would be a split in/out configuration. If they're small enough to do
it all with one server, they're probably not big enough to hire experienced
people.

As a result, if you hear from that site, it's much more likely that it's some
spammer abusing a vulnerable PHP script on the server (hey, if one box is both
in and out mail, it's likely the web server too...), than an actual person
trying to get hold of you.

(The other possibility is that the site is misconfigured and as a result does
accept-then-bounce and/or virus-scanner spewback, both of which count as spam
in my book...)
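The distinction the message turns on (MX records name a domain's *inbound* relays; SPF names the hosts authorized to send *outbound* mail for it) is easiest to see with both checks run side by side. The following is an added example, not code from this thread or from any of the people in it. It implements a minimal SPF evaluator (ip4, ip6, a, mx, include, all, with the four qualifiers) over a constructed in-memory DNS snapshot so it runs offline; the domains, hostnames and addresses are made up for the illustration (RFC 5737 documentation ranges), and `inbound_mx_check` is the "is the sender one of the MX hosts" heuristic being argued against, named here only for comparison.

```python
"""Minimal SPF (RFC 7208 subset) evaluator over a constructed DNS snapshot.

Added example for the SPF-vs-MX discussion; not from the original thread.
The DNS data below is invented: a hypothetical example.com whose inbound
MX hosts (mx1/mx2) are deliberately NOT in its SPF record, while its real
outbound sources (an ip4 block, an A host and an included relay) are.
"""
import ipaddress

# Constructed DNS snapshot: (name, rrtype) -> list of rdata. Not real hosts.
DNS = {
    ("example.com", "TXT"): [
        "v=spf1 ip4:192.0.2.0/28 a:out.example.com include:_spf.relay.example -all"
    ],
    ("example.com", "MX"): [(10, "mx1.example.com"), (20, "mx2.example.com")],
    ("mx1.example.com", "A"): ["198.51.100.10"],
    ("mx2.example.com", "A"): ["198.51.100.20"],
    ("out.example.com", "A"): ["203.0.113.5"],
    ("_spf.relay.example", "TXT"): ["v=spf1 ip4:203.0.113.64/26 -all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in resolver: answer from the snapshot instead of the network."""
    return DNS.get((name.lower(), rtype), [])


def _host_match(ip, host, bits):
    """True if `host` has an A/AAAA record covering `ip` (with optional /bits)."""
    rtype = "A" if ip.version == 4 else "AAAA"
    for addr in lookup(host, rtype):
        net = ipaddress.ip_network(f"{addr}/{bits or ip.max_prefixlen}", strict=False)
        if ip in net:
            return True
    return False


def check_spf(ip, domain, depth=0):
    """Evaluate the SPF record of `domain` for sending address `ip`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:                      # RFC 7208 limits recursive lookups
        return "permerror"
    ip = ipaddress.ip_address(ip)
    records = [t for t in lookup(domain, "TXT") if t.startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:                # multiple SPF records is a permerror
        return "permerror"
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # `ip in network` is False across address families, so an ip4
            # mechanism never matches an IPv6 sender (and vice versa).
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            target, _, bits = arg.partition("/")
            target = target or domain
            hosts = [target] if name == "a" else [h for _, h in lookup(target, "MX")]
            matched = any(_host_match(ip, h, bits) for h in hosts)
        elif name == "include":
            matched = check_spf(str(ip), arg, depth + 1) == "pass"
        else:                           # unknown mechanism (exists, ptr, ...)
            return "permerror"
        if matched:
            return QUALIFIERS[qual]
    return "neutral"                    # no mechanism matched and no 'all'


def inbound_mx_check(ip, domain):
    """The heuristic the thread argues against: is the sender an MX host?"""
    ip = ipaddress.ip_address(ip)
    return any(_host_match(ip, host, "") for _, host in lookup(domain, "MX"))


if __name__ == "__main__":
    for sender in ["192.0.2.7", "203.0.113.5", "203.0.113.100", "198.51.100.10"]:
        print(sender, "spf:", check_spf(sender, "example.com"),
              "is-MX-host:", inbound_mx_check(sender, "example.com"))
```

Running it shows the point of the message: 198.51.100.10 is an MX host for the domain, so the MX heuristic accepts it, yet SPF returns `fail` because nothing authorizes it to originate mail; the actual outbound sources pass SPF while none of them appear in the MX set.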
