Novel Method for Universal Email Authentication
MKaplan writes "Most spam is sent using spoofed domains. Email authentication schemes such as SPF attempt to foil spoofing by having domain administrators publish a list of their approved outgoing mail servers. SPF is sharply limited by incomplete domain participation and failure to authenticate forwarded email. A paper describes a novel method to rapidly generate a near-perfect global SPF database independent of the participation of domain administrators. A single email from an unauthenticated domain is bounced and then resent — this previously unauthenticated domain and the server listed in the return path of the resent bounce are entered into a globally accessible database. All future emails sent from this domain via this server will be authenticated after checking this new database. Mechanisms to authenticate forwarded email and to nullify subversion of this anti-spam system are also described."
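A toy model of the bounce-and-resend flow in the summary above, added here as an illustration; it is not code from the paper or from the submitter. The class name `BounceAuthDB`, the one-time token that ties a resend to its bounce, and the sample domains are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class BounceAuthDB:
    """Hypothetical shared database of (domain, server) pairs."""
    approved: set = field(default_factory=set)   # {(domain, server)}
    pending: dict = field(default_factory=dict)  # token -> domain awaiting a resend

    def receive(self, from_domain, return_path_server, resend_token=None):
        """Return (verdict, token); token is set only when the mail is bounced."""
        domain = from_domain.lower().rstrip(".")
        server = return_path_server.lower()
        if (domain, server) in self.approved:
            return "authenticated", None
        if resend_token is not None and self.pending.get(resend_token) == domain:
            # Resent bounce: record the domain with the server that carried it.
            del self.pending[resend_token]
            self.approved.add((domain, server))
            return "authenticated", None
        # Unknown pair: bounce once and remember which domain must resend.
        token = secrets.token_hex(8)  # assumed mechanism, not from the summary
        self.pending[token] = domain
        return "bounced", token


def demo():
    """Run constructed deliveries through the database and collect verdicts."""
    db = BounceAuthDB()
    verdicts = []
    v, token = db.receive("example.org", "mail.example.org")
    verdicts.append(v)   # first contact is bounced
    v, _ = db.receive("example.org", "mail.example.org", resend_token=token)
    verdicts.append(v)   # resend enters the pair into the database
    v, _ = db.receive("example.org", "mail.example.org")
    verdicts.append(v)   # later mail from the same pair passes
    v, other = db.receive("example.org", "host.example.net")
    verdicts.append(v)   # same domain through another server is not covered
    v, _ = db.receive("example.com", "host.example.net", resend_token=other)
    verdicts.append(v)   # a token issued for one domain does not enrol another
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The point the model makes visible is that an entry covers a domain only when mail arrives through the recorded server, so a spoofed message relayed through a different host is bounced again.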
I don't know about the GP, but for me greylisting is very effective. I have a personal domain for my wife and myself. I have a catchall mail address.
Here are some stats for part of last week:
Start Date 23/09/07 04:02
End Date 28/09/07 17:00
5.54 days
Total spam: 4624
Spam blocked with greylisting: 4478 (96.8%)
spam via backup MX: 69 (1.5%)
spam retried (got past greylisting): 77 (1.7%)
Total through to end user: 146
Identified as spam (SpamAssassin): 123 (84.2%)
backup MX marked as spam: 50 (72.5%)
direct marked as spam: 72 (93.5%)
Total to end user not marked as spam: 23 (0.5%)
NB. Up until about a month ago, ~25% of SPAM came via my backup MX, which doesn't have greylisting. I don't know why it dropped, but I'm happy it did.
Ever stop to think