[CentOS] please block user

Alice Wonder alice at domblogger.net
Wed Aug 26 23:01:34 UTC 2015



On 08/26/2015 03:38 PM, Peter wrote:
> On 08/27/2015 07:29 AM, Alice Wonder wrote:
>> Maybe I'll start blocking any server with an SPF record that includes
>> more than 5 IP addresses,
>
> That's not a very good idea.  Major ESPs (eg: gmail.com) have way more
> IPs listed than that.

Yeah, I thought about that.

>
>> or servers where any host in the SPF record is in a DNS blacklist.
>
> That could work better, but I would still say be careful, you could
> certainly end up with false positives doing this.

I would try to count 2 before rejecting I think.

Valid SPF reduces spam score with a lot of filter systems, but snowshoe 
spammers can just modify the record at will to add whatever smtp servers 
they currently are using.

If they are going to use SPF records to lower their score then I will 
use SPF records to try to identify them.

False positives are a risk with any automated filter, but whitelists 
like dnswl.org can help reduce that problem.

I suspect if somesite.tld has MTAs in the SPF list that it actually uses 
and are on blacklists then somesite.tld already has mail delivery 
problems it needs to address.
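
The filter idea discussed in this message, as an added example (not code from the poster or the list): expand the `ip4:` hosts a domain authorizes in its SPF record, look each one up in a DNS blacklist, and reject only when at least two are listed and the connecting IP is not whitelisted. Assumptions: `bl.example` is a placeholder blacklist zone, `list.dnswl.org` is used as the dnswl.org query zone, the whitelist is checked against the connecting IP, `include:`/`a`/`mx` mechanisms are not resolved, and the record and listings below are constructed sample data.

```python
import ipaddress
import socket
from itertools import islice

# Constructed sample data (documentation address ranges, placeholder zones).
SAMPLE_SPF = ("v=spf1 ip4:192.0.2.0/30 +ip4:198.51.100.7 "
              "include:_spf.example.net -ip4:203.0.113.9 ~all")
FAKE_LISTED = {"1.2.0.192.bl.example", "7.100.51.198.bl.example",
               "5.113.0.203.list.dnswl.org"}

def spf_ip4_hosts(spf_record, cap=64):
    """IPv4 addresses authorized (pass qualifier) by ip4: mechanisms, capped."""
    hosts = []
    for term in spf_record.split()[1:]:        # skip the "v=spf1" version tag
        if term[0] in "-~?":                   # fail/softfail/neutral: not authorized
            continue
        term = term.lstrip("+")
        if not term.lower().startswith("ip4:"):
            continue                           # include:, a, mx, all are not expanded here
        try:
            net = ipaddress.IPv4Network(term[4:], strict=False)
        except ValueError:
            continue                           # malformed mechanism: ignore it
        hosts.extend(islice(net, cap - len(hosts)))
    return hosts

def dnsbl_name(ip, zone):
    """DNSBL/DNSWL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def dns_listed(qname):
    """Live lookup: these lists answer with a 127.0.0.0/8 address when listed."""
    try:
        return socket.gethostbyname(qname).startswith("127.")
    except OSError:                            # NXDOMAIN or resolver failure: not listed
        return False

def verdict(spf_record, client_ip, listed=dns_listed, bl_zone="bl.example",
            wl_zone="list.dnswl.org", threshold=2):
    """Return (decision, blacklist_hits) for one sending domain and connection."""
    if listed(dnsbl_name(client_ip, wl_zone)):
        return "accept", 0                     # whitelist wins, limits false positives
    hits = sum(listed(dnsbl_name(ip, bl_zone)) for ip in spf_ip4_hosts(spf_record))
    return ("reject" if hits >= threshold else "accept"), hits

if __name__ == "__main__":
    # Offline run: the constructed set stands in for real DNS answers.
    print(verdict(SAMPLE_SPF, "198.51.100.7", listed=FAKE_LISTED.__contains__))
```

Passing `listed=FAKE_LISTED.__contains__` keeps the run offline; leaving the default performs real DNS queries against the configured zones.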


