Quote:
Originally Posted by sclitheroe
Sender Policy Framework and DNSSEC and a ton of this crap goes away. Depressing to me that nobody can agree to get this widely implemented.
SPF doesn't help if spam is coming out of a legitimate organization that has user systems compromised by a zero-day. Billy Bob in the field opens an e-mail that claims it's his ADP paystub, runs a .scr file disguised as a PDF, uses common UDP ports to tunnel to the internet and contact a spam botnet, then downloads further zero-days and spoofs traffic coming out of your domain and external IP... takes down e-mail for a company because internet blacklists automatically flag suspicious traffic within 15 minutes of this occurring. In that time frame, a lot of bad e-mails could appear to be coming out of your organization that has a legitimate SPF record. There's a lot of spoofing and hijacking going on out there right now. That said, the speed at which blacklists/blocklists are reacting is helping a great deal.