nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Spammers Skirt IP Authentication Attempts

From: Stephane Bortzmeyer <bortzmeyer () nic fr>
Date: Mon, 6 Sep 2004 14:19:50 +0200

On Mon, Sep 06, 2004 at 04:26:04AM -0700,
 Henry Linneweh <hrlinneweh () sbcglobal net> wrote 
 a message of 4 lines which said:


This is not a good beginning

http://www.eweek.com/article2/0,1759,1642848,00.asp


Bad paper. The CipherTrust story, which is mentioned, is very weak: it
contains several big mistakes (such as mentioning SenderID
records... which do not exist yet since the working group is in the
"last call" state) so I question its credibility.

Regarding the facts, testing on my "spam" mailbox, I can see SPF
records from spammers but it is very uncommon (there is no incentive
for them to publish SPF immediately, because few sites will test
them).

Otherwise, SPF is not anti-spam by itself. In the same way that
network security is not provided by a firewall alone, anti-spam
protection is not provided by SPF alone. SPF is an enabler: it allows
you to be more confident in the authenticity of the domain, giving
reputation systems (whilelists and blacklists) a better chance to
succeed.
Previous By Date Next
Previous By Thread Next

Current thread: