nanog mailing list archives

Re: Spammers Skirt IP Authentication Attempts


From: "Dan Mahoney, System Admin" <danm () prime gushi org>
Date: Mon, 6 Sep 2004 16:24:24 -0400 (EDT)


On Mon, 6 Sep 2004, Sean Donelan wrote:

Hrmmm, perhaps this hasn't been thought of yet, but this is a serious idea for things like spamassassin, or the like. For this list of domains, a decent twofold effort could happen:

1) A decent push on the part of pobox.com (previously, their focus has been on protecting lots of senders, like AOL, or Earthlink), rather than commonly-forged-phishers, to get these folks on board.

2) A big old warning (possibly for these domains themselves to opt into) as a "we know we're high risk but we have an SPF record, please check it" RDNSL.

It could even be used in some cases with SpamAssassin to inject a link into the email for the location to report such forgeries. (Such info could be kept in the RDNSL, for example).

Knowledge is Power.

-Dan


Although SenderID (or whatever the final name is) is not completed yet,
SPF has been around for a while and some people have been using it.  But
who?  Do domains with SPF records have fewer phishing attacks?  Fewer
virus bounce-backs?  Fewer spam forgers?

According to the Anti-Phishing Working Group, these are the most phished
companies.  How many are using SPF? I checked the most obvious domain name
for the companies (.COM and their country variant e.g. .CO.UK)

Company Name            Has SPF TXT record

Citibank                NO
eBay                    NO
US Bank                 NO
Paypal                  NO
Fleet                   NO
Lloyds                  NO
Barclays                NO
AOL                     YES
Halifax                 NO
Westpac                 NO
FirstUSA                NO
VISA                    NO
Earthlink               YES
e-gold                  NO
Bank One                NO
Bendigo                 NO
HSBC                    NO
MBNA                    NO
Suntrust                NO
Verizon                 NO


--

"there is no loyalty in the business, so we stay away from things that piss people off"

-The Boss, November 12, 2002

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
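
The "Has SPF TXT record" check behind the table above, as an added example that is not part of the original messages: it applies the record-selection rules later standardized in RFC 7208 to TXT record sets and, going one step beyond the YES/NO survey, reports the policy on the `all` mechanism. The domains, records and function names are hypothetical, and the TXT data is constructed inline instead of being fetched from DNS.

```python
POLICY = {"-": "fail", "~": "softfail", "?": "neutral", "+": "pass"}

def select_spf(txt_records):
    """Return (status, record). Each TXT record is a list of character-strings."""
    candidates = []
    for strings in txt_records:
        text = "".join(strings)  # multi-string TXT RRs are joined with no separator
        low = text.lower()
        # Version tag must be exactly "v=spf1", ended by a space or end of record.
        if low == "v=spf1" or low.startswith("v=spf1 "):
            candidates.append(text)
    if not candidates:
        return ("none", None)
    if len(candidates) > 1:
        return ("permerror", None)  # more than one SPF record is an error
    return ("found", candidates[0])

def all_qualifier(record):
    """Return the qualifier on the 'all' mechanism, or None if there is none."""
    for term in record.lower().split()[1:]:
        if term == "all":
            return "+"  # a mechanism without a qualifier defaults to '+'
        if term[1:] == "all" and term[0] in "+-~?":
            return term[0]
    return None

def survey(zone_data):
    """Map each domain to NO, YES (<policy of all>) or ERROR."""
    report = {}
    for domain, txt_records in zone_data.items():
        status, record = select_spf(txt_records)
        if status == "none":
            report[domain] = "NO"
        elif status == "permerror":
            report[domain] = "ERROR"
        else:
            report[domain] = "YES (%s)" % POLICY.get(all_qualifier(record), "no all")
    return report

# Constructed sample data; domains and records are hypothetical.
SAMPLE = {
    "bank.example": [["site-verification=constructed"]],
    "isp.example": [["v=spf1 ip4:192.0.2.0/24 ", "include:_spf.isp.example -all"]],
    "shop.example": [["v=spf10 -all"], ["v=spf1 mx ~all"]],
    "dup.example": [["v=spf1 -all"], ["v=spf1 +all"]],
}

if __name__ == "__main__":
    for domain, verdict in survey(SAMPLE).items():
        print("%-14s %s" % (domain, verdict))
```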

