[Mimedefang] Re: What to do about bounced forgeries?

[Rick Mallett]

On Mon, 22 Dec 2003, Kevin A. McGrail wrote:

> > I think SPF will have to be forced in by decree.  It will take
> > something like AOL, Hotmail, Yahoo and Earthlink banding together and
> > saying "Starting January 1, 2005, we will not accept mail from domains
> > that do not have SPF TXT records."
>
> That would certainly help though I don't see the way that a spammer wouldn't
> be able to buy a domain for $6 on a stolen credit card, add SPF and spam the
> planet.  Am I missing something?
>

The main goal of SPF is to prevent forgery, not necessarily prevent spam,
and although forgery may seem to be a minor annoyance, it has become for
us a major problem that is crippling our mail server, not to mention the
damage to our reputation resulting when people who don't understand the
mechanics of mail delivery receive spam that they believe was sent from
our domain.

I must admit I didn't know what SPF was before this morning when I
started reading about it based on information posted to this list,
but I think its a great idea and hopefully it will help to solve
problems such as ours in the long term. In the meantime though we
need to find a more immediate solution.