[Mimedefang] SPF Usefulness (was Re: SNARE spam detection)
Rob MacGregor
rob.macgregor at gmail.com
Wed Jul 29 17:29:16 EDT 2009
On Wed, Jul 29, 2009 at 22:07, David F. Skoll<dfs at roaringpenguin.com> wrote:
> Paul Murphy wrote:
>
>> Proper implementation of SPF or a similar system across all mail domains
>> would cut spamming by 99% overnight,
>
> No, it wouldn't.
>
> Spammers would publish SPF records for their throwaway domains. We
> already see this quite a bit.
And it's been going on for some time - like DKIM, SPF is an
anti-spoofing measure, not an anti-spam measure. It's never pretended
to be anti-spam despite what people think.
>> and would remove almost all of the risk from phishing mails.
>
> Not really. SPF applies to envelope senders; people's mail clients
> show the header senders. So you can have MAIL FROM:<spammer at throwaway.net>
> and From: <servce at intl.paypal.com> with an SPF pass. :-(
Something I'm happy to see that the SPF FAQ covers, even if far too
many people fail to understand it.
--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
More information about the MIMEDefang
mailing list