Re: [CORE] SPF Record ...

On Mon, Nov 20, 2006 at 08:28:07AM +0000, Dave Page wrote:
> (perhaps the majority) of spam is sent through trojans running on poorly
> secured Windows boxes.

Right.  I didn't really want to get into this level of detail on
list, but here we go.

Note that they're not just "poorly secured".  They're _default_
Windows boxes.  That is, it is now nearly impossible to
download all the patches for a bog-standard WinXP installation before
the machine is compromised.  Which means that merely by reinstalling
the operating system, many users are all but guaranteeing that
they'll be part of a botnet in no time.  And since the solution to a
lot of Windows problems is "reinstall", you can see what happens.

The attackers, including spam operators, build networks of
_thousands_ of these things.  You can have such a pre-built net for
your own use for next to no money, or build your own for very little
effort with downloadable tools floating around the Net.  Every one of
those machines will be authenticated to its mail domain; and, if the
machine is sending spam, then that spam is authenticated as well as
any other mail from the domain is.

So, SPF protects somewhat against forged-header spam, at a high cost
to the rest of the Internet.  But it doesn't actually protect against
the real current threats at all (the spambot drone armies).

A

--
Andrew Sullivan  | ajs@crankycanuck.ca
When my information changes, I alter my conclusions.  What do you do sir?
        --attr. John Maynard Keynes