[Mimedefang] OT but interesting hopefully - Spammers embrace email authentication
Jeff Rife
mimedefang at nabs.net
Wed Sep 8 18:56:51 EDT 2004
On 7 Sep 2004 at 17:38, Kelson wrote:
> Jeff Rife wrote:
> > In the future,
> > though, it'll get worse as more and more servers think a good SPF
> > record but no listing on a blacklist means "OK". As that happens,
> > expect even faster turnaround on domain names.
>
> Please read the article I linked to, then address this point again.
>
> Anyone who thinks "SPF Pass" is supposed to mean "Not Spam" hasn't been
> paying attention.
I don't see what you mean. I said that if the SPF matches but the
domain isn't on a blacklist, then you have to do *exactly* the same
content scanning you do now...SpamAssassin, etc. So, why bother with
SPF at all, since spammers will eventually *always* send from domains
not on blacklists but with accurate SPF info?
> Suppose that you get a message claiming to be from speed.net. Suppose
> it's actually been sent using Outlook, or Eudora, or something that
> imitates it well enough that all the headers are typical of "real" mail.
> Now, how can you tell whether it's really from speed.net or not?
I don't really care, and most other people don't, either, if the
content says "this is SPAM".
If it *isn't* SPAM, then SPF isn't really enough to give somebody
confidence in saying "yes, this is authentic" or "no, it isn't", for
several reasons:
- The envelope return address (and *everything* but the "From:"
content) can be forged to be "@speed.net", and accurate SPF data used
for the "From:" address.
- The "From:" address can be close enough to "@speed.net" to be used in
phishing e-mail.
- Knowing if an e-mail is "From: yyy at speed.net" doesn't help to
determine if it SHOULD BE "From: yyy at speed.net".
SPF doesn't do enough to give any real security...PGP (or similar)
signatures are the only real way to do this.
--
Jeff Rife |
SPAM bait: |
http://www.nabs.net/Cartoons/Dilbert/LostNetworkPassword.gif
AskDOJ at usdoj.gov |
spam at ftc.gov |
More information about the MIMEDefang
mailing list