[Mimedefang] SPF Usefulness (was Re: SNARE spam detection)
rob.macgregor at gmail.com
Wed Jul 29 17:29:16 EDT 2009
On Wed, Jul 29, 2009 at 22:07, David F. Skoll<dfs at roaringpenguin.com> wrote:
> Paul Murphy wrote:
>> Proper implementation of SPF or a similar system across all mail domains
>> would cut spamming by 99% overnight,
> No, it wouldn't.
> Spammers would publish SPF records for their throwaway domains. We
> already see this quite a bit.
And it's been going on for some time - like DKIM, SPF is an
anti-spoofing measure, not an anti-spam measure. It's never pretended
to be anti-spam despite what people think.
>> and would remove almost all of the risk from phishing mails.
> Not really. SPF applies to envelope senders; people's mail clients
> show the header senders. So you can have MAIL FROM:<spammer at throwaway.net>
> and From: <servce at intl.paypal.com> with an SPF pass. :-(
Something I'm happy to see that the SPF FAQ covers, even if far too
many people fail to understand it.
Please keep list traffic on the list.
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
More information about the MIMEDefang