Spam Free Email

Anti-spam ideas, tools and services

June 23rd, 2006

Is SPF/Sender ID useless?

I read an article today (that I already lost the link to) that was talking about how spammers are using SPF on their throwaway domains and domain administrators are using SPF incorrectly. Their conclusion was that SPF or Sender ID was not a good technology for fighting spam.

Personally I think they didn’t get the point. SPF is one technology for fighting spam, not the only technology. If SPF can be used to filter out some email then it will work for what it is designed to do.

As for the people who do not have SPF configured properly or who have users who are not using the authorized server, how is this a problem with the technology? Greater adoption of SPF would eventually root out these problems, as domain admins get reports of problems from their users.

Right now I am getting one type of spam that is driving me crazy: spam from my own domain name that is not originating from my servers. SPF is the perfect technology for this category of spam, where RBLs and Bayesian filters are better for other types of spam.

In the end, no one anti-spam technology is going to win the battle. But a toolkit of technologies that work together, each solving a distinct part of the problem, will stem the tide and again make email the killer app that it was.

June 15th, 2006

No RDNS = Spammer?

In the past few weeks I’ve been running into more and more references that mail servers are being configured to look at the reverse DNS entries, and if there is no entry the messages should be considered spam.

Apart from the fact that I currently don’t have an RDNS entry for my own mail server, I can certainly see the logic in this.

Most fly-by-night mail servers are going to be set up as quickly as possible. They also want as few ways to track information back to themselves as possible. So RDNS is simply something that they won’t take the time to set up.

The only flaw in this logic comes when ISPs automatically set up RDNS on all of their IP addresses. Then any mail server on those addresses is automatically immune to this technique of trying to detect them. The hope here is that they will have to move to another mail server soon enough and that the next ISP won’t have set this up.

I suppose this lends credence to the length of time a domain name has been registered as well. With the basic logic being that domain names that are less than, say, a month old are more likely to send spam than domain names that have been around for years.

This takes into account that spammers many times just buy throwaway domains and never bother to renew them once they come up for renewal.

Another thing to look at on the domain side is how long until the domain name expires. If the term is less than one year, the domain name would be less important to the person that owns it than a domain name that will expire in two or five or ten years.

So if a domain is less than a month old and will expire in less than a year, the likelihood of the domain sending spam messages is quite high in my opinion, but that is all it is … an opinion.


June 2nd, 2006

A Thank you to the spammers

For the past few days I’ve been getting more and more e-mail messages that are forging my own domain name to try and get me to read them. So this is just a little thank you sent out to all the spammers who decided to forge my domain name, of which I am the only person that has an e-mail address, thinking that some random string of characters will get me to read the e-mail message.

Now of course this has been getting caught in my quarantine since the messages can’t get past the rest of the filters at Spam Free Email. A decent number of these spam messages have been getting caught and placed in my bad list, although none of them have managed to make it into my actual e-mail in-box.

The reason I’m thanking spammers for this barrage of messages forging my own domain name is that I needed some inspiration of late, and they have now provided it. After looking at the messages I have come to the conclusion that they would have very easily failed in the SPF test. I had placed creating my own SPF filter on the back burner for a while; I have almost everything in place for it except the actual logic to do the IP address checking.

Now thanks to a litany of messages which I know for a fact have not come from my own domain name, or my e-mail servers for that matter, I have been annoyed into action. It may not be today or tomorrow but definitely this has moved to the top of my priority list. So hopefully by the end of this week or next I will have my SPF filter in place.
