Request: Please sign this list's messages via DKIM or SPF

Vincent Fox vbfox at ucdavis.edu
Mon Apr 4 17:02:17 EDT 2016



On 04/04/2016 09:43 AM, Binarus via Info-cyrus wrote:
> But the spammer then first has to get a domain and then has to set up the DNS entries, which obviously is too complicated for most spammers. Furthermore, I am constantly seeing messages trying to get into the server which originate from dynamic IP addresses.
"Too complicated"?  The people setting up shop in the new ICANN gTLD
zones seem savvy enough to spend an extra minute defining
the TXT record for it.

Pulled several spam domains off my logs, they have 'em:

[root@mx1 log]# dig txt +short purning.top
"v=spf1 a mx ip4:216.169.122.0/24 -all"

[root@mx1 log]# dig txt +short whicanion.top
"v=spf1 a mx ip4:216.169.125.0/24 -all"
"v=spf1 redirect=_spf.mailhostbox.com"

I'll admit I am testing SPF as a greylisting measure.
Your IP gets hardfail, you get 5min deferral.

I don't delude myself it does anything other than catch maybe
5-10% of spammers that don't bother with retries.  More often it
seems to catch people like a major network backbone operation
that OUGHT to know better, that has no SPF and acted like it
was going to require committees and 2 months for the
brain surgery.

YMMV indeed.
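
The policy described in the message above (SPF hardfail earns a 5-minute deferral), sketched as an added example that is not part of the original post or of any Cyrus code. The function and class names, the client IPs, and the assumption that an external SPF checker supplies the result string are all illustrative. It also runs RFC 7208 section 4.5 record selection over the two dig answers quoted above: a domain that publishes two `v=spf1` records evaluates to permerror rather than fail, so a hardfail-only rule does not defer it.

```python
# Added example: SPF-hardfail greylisting as described in the post.
DEFER_SECONDS = 300  # the post's "5min deferral"


def select_spf(txt_records):
    """RFC 7208 section 4.5 record selection over a domain's TXT strings.

    Returns (status, record): 'none' if there is no SPF record, 'permerror'
    if there is more than one, else 'ok' with the single record to evaluate.
    """
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return ("none", None)
    if len(spf) > 1:
        return ("permerror", None)
    return ("ok", spf[0])


class HardfailGreylist:
    """Defer clients whose SPF result is 'fail' until the window has passed."""

    def __init__(self, defer_seconds=DEFER_SECONDS):
        self.defer_seconds = defer_seconds
        self.first_seen = {}  # (client_ip, sender_domain) -> first attempt time

    def decide(self, client_ip, sender_domain, spf_result, now):
        """Return ('accept', 0) or ('defer', seconds_left) for one attempt.

        spf_result is the result string from whatever SPF checker the MTA
        uses (assumption); only 'fail' (the -all hardfail) is greylisted.
        'accept' means "not deferred here", other filters still apply.
        """
        if spf_result != "fail":
            return ("accept", 0)
        first = self.first_seen.setdefault((client_ip, sender_domain), now)
        left = self.defer_seconds - (now - first)
        if left > 0:
            return ("defer", left)   # answer with a 4xx temporary failure
        return ("accept", 0)         # sender retried after the window


# TXT answers copied from the dig output in the post.
PURNING = ["v=spf1 a mx ip4:216.169.122.0/24 -all"]
WHICANION = ["v=spf1 a mx ip4:216.169.125.0/24 -all",
             "v=spf1 redirect=_spf.mailhostbox.com"]
```
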



