Security Incidents mailing list archives

Re: Massive SPAM Increase


From: gabriel rosenkoetter <gr () eclipsed net>
Date: Mon, 16 Oct 2006 11:57:47 -0400

On Sat, Oct 14, 2006 at 12:17:51PM -0500, Paul Schmehl wrote:
> It appears that what you're missing is that this one "flaw" is not enough
> to get mail rejected by policyd-weight.

What you're missing is that the assumption that systems sending
valid mail will always (or even will usually) be listed in DNS is
fundamentally wrong and should never be used even as a weighted
guess to indicate spam.

In fact, what's listed in the MX record in DNS is systems where email
should be sent. For any company larger than 50 employees, that's
probably not the same as from where one could reasonably expect
legitimate email.

DNS provides no assertion about the sending of email, and any system
that operates under the assumption that it does is inherently
broken, because it'll get a false positive on better than half of
the valid emails out there. It's a useless heuristic.

-- 
gabriel rosenkoetter
gr () eclipsed net
