[CentOS] please block user

Wed Aug 26 23:01:34 UTC 2015
Alice Wonder <alice at domblogger.net>


On 08/26/2015 03:38 PM, Peter wrote:
> On 08/27/2015 07:29 AM, Alice Wonder wrote:
>> Maybe I'll start blocking any server with an SPF record that includes
>> more than 5 IP addresses,
>
> That's not a very good idea.  major ESPs (eg: gmail.com) have way more
> IPs listed than that.

Yeah, I thought about that.

>
>> or servers where any host in the SPF record is in a DNS blacklist.
>
> That could work better, but I would still say be careful, you could
> certainly end up wih false positives doing this.

I would try to count 2 before rejecting I think.

Valid SPF reduces spam score with a lot of filter systems, but snowshoe 
spammers can just modify the record at will to add whatever smtp servers 
they currently are using.

If they are going to use SPF records to lower their score then I will 
use SPF records to try to identify them.

False positives are a risk with any automated filter, but whitelists 
like dnswl.org can help reduce that problem.

I suspect if somesite.tld has MTAs in the SPF list that it actually uses 
and are on blacklists then somesite.tld already has mail delivery 
problems it needs to address.