You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Daniel Quinlan <qu...@pathname.com> on 2005/01/10 01:31:09 UTC
initial analysis of SPF_PASS results
First, large ISPs seem to be the origination point for a *lot* of spam.
Second, here's my list of the domains we could potentially whitelist for
SPF_PASS results (high count, good ratio, not biased towards open source
folks).
0.0000 90 health.webmd.com
0.0000 27 foolsubs.com
0.0000 23 ms3.lga2.nytimes.com (list *.nytimes.com ?)
0.0000 17 match.com
0.0000 9 paypal.com
For a different and even less biased approach, I took the listings with
0.01 or lower S/O ratio and ranked them by SenderBase volume (entries
above 6.0 on the volume scale). Note that I just extracted
registrar-level domain names from the SPF domain lists, so some of these
are definitely not completely clean or are not immediately
whitelistable.
domain volume whitelist?
-------------------- ------ ----------
ebay.com 7.5 yeah
amazon.com 6.7 yeah
speakeasy.net 6.6
paypal.com 6.6 yeah
msn.com 6.6
roving.com 6.5
nytimes.com 6.5 yeah
m0.net 6.5
classmates.com 6.5
exacttarget.com 6.4
sparklist.com 6.2
sourceforge.net 6.1
securityfocus.com 6.1
spamarrest.com 6.0
rm04.net 6.0
redhat.com 6.0
foolsubs.com 6.0 yeah
bluehornet.com 6.0
So, based on all that, I'm thinking we could experimentally add SPF_PASS
whitelists for:
ebay.com
amazon.com
paypal.com
nytimes.com
foolsubs.com
webmd.com
match.com
I checked NANAE and the above domans seem to be pretty clean and this
jives with my recollection.
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
Re: initial analysis of SPF_PASS results
Posted by Daniel Quinlan <qu...@pathname.com>.
> Large ISPs' outbound relays, or direct from their dynamic pools?
> e.g. blueyonder.co.uk list their dyn pools in their SPF record,
> which is unfortunate but legal.
I suspect some of that, plus a lot of whatever bug is causing that AOL
SPF_PASS false match I reported. That was the first reputatable ISP I
checked for SPF_PASS hits vs. their MAIL FROM in my spam folder, so I
suspect there are a lot more problems that way.
Daniel
--
Daniel Quinlan
http://www.pathname.com/~quinlan/