On 08/26/2015 03:38 PM, Peter wrote:
On 08/27/2015 07:29 AM, Alice Wonder wrote:
Maybe I'll start blocking any server with an SPF record that includes
more than 5 IP addresses,
That's not a very good idea. major ESPs (eg: gmail.com) have way more
IPs listed than that.
Yeah, I thought about that.
or servers where any host in the SPF record is in a DNS blacklist.
That could work better, but I would still say be careful, you could
certainly end up wih false positives doing this.
I would try to count 2 before rejecting I think.
Valid SPF reduces spam score with a lot of filter systems, but snowshoe
spammers can just modify the record at will to add whatever smtp servers
they currently are using.
If they are going to use SPF records to lower their score then I will
use SPF records to try to identify them.
False positives are a risk with any automated filter, but whitelists
like dnswl.org can help reduce that problem.
I suspect if somesite.tld has MTAs in the SPF list that it actually uses
and are on blacklists then somesite.tld already has mail delivery
problems it needs to address.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
