On 04/04/2016 09:43 AM, Binarus via Info-cyrus wrote:
But the spammer then first has to get a domain and then has to set up the DNS entries, which obviously is too complicated for most spammers. Furthermore, I am constantly seeing messages trying to get into the server which originate from dynamic IP addresses.
"Too complicated"? The people setting up shop in the new ICANN gTLD zones seem savvy enough to spend an extra minute defining the TXT record for it. Pulled several spam domains off my logs, they have 'em [root@mx1 log]# dig txt +short purning.top "v=spf1 a mx ip4:216.169.122.0/24 -all" [root@mx1 log]# dig txt +short whicanion.top "v=spf1 a mx ip4:216.169.125.0/24 -all" "v=spf1 redirect=_spf.mailhostbox.com" I'll admit I am testing SPF as a greylisting measure. Your IP gets hardfail, you get 5min deferral. I don't delude myself it does anything other than catch maybe 5-10% of spammers that don't bother with retries. More often it seems to catch people like a major network backbone operation that OUGHT to know better, that has no SPF and acted like it was going to require committees and 2 months for the brain surgery. YMMV indeed. ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
