North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Spammers Skirt IP Authentication Attempts

  • From: Dan Mahoney, System Admin
  • Date: Mon Sep 06 16:22:04 2004

On Mon, 6 Sep 2004, Sean Donelan wrote:

Hrmmm, perhaps this hasn't been thought of yet, but this is a serious idea for things like spamassassin, or the like. For this list of domains, a decent twofold effort could happen:

1) A decent push on the part of pobox.com (previously, their focus has been on protecting lots of senders, like AOL, or Earthlink), rather than commonly-forged-phishers, to get these folks on board.

2) A big old warning (possibly for these domains themselves to opt into) as a "we know we're high risk but we have an SPF record, please check it" RDNSL.

It could even be used in some cases with SpamAssassin to inject a link into the email for the location to report such forgeries. (Such info could be kept in the RDNSL, for example).

Knowledge is Power.

-Dan


Although SenderID (or whatever the final name is) is not completed yet,
SPF has been around for a while and some people have been using it.  But
who?  Do domains with SPF records have fewer phishing attacks?  Fewer
virus bounce-backs?  Fewer spam forgiers?

According to the Anti-Phishing Working Group, these are the most phished
companies.  How many are using SPF? I checked the most obvious domain name
for the companies (.COM and their country variant e.g. .CO.UK)

Company Name Has SPF TXT record

Citibank		NO
eBay			NO
US Bank			NO
Paypal			NO
Fleet			NO
LLoyds			NO
Barclays		NO
AOL			YES
Halifax			NO
Westpac			NO
FirstUSA		NO
VISA			NO
Earthlink		YES
e-gold			NO
Bank One		NO
Bendigo			NO
HSBC			NO
MBNA			NO
Suntrust		NO
Verizon			NO


--

"there is no loyalty in the business, so we stay away from things that piss people off"

-The Boss, November 12, 2002

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------