Re: Spammers Skirt IP Authentication Attempts

[Paul Jakma <paul () clubi ie>]

On Wed, 8 Sep 2004, David Cantrell wrote:

> You forget, SPF doesn't just tell you who is authorised to speak on 
> behalf of foobar.com, it also tells you who is *not* authorised.

That is sort of implied, yes.

> If you get mail coming in from - eg - randomgibberish.comcast.net 
> claiming to be from foobar.com, then you know that it's dodgy 
> unless foobar.com's SPF record says that that cable modem address 
> is authorised.

Except that, SPF records are as easy to setup for a spammer, as for 
you and I. If the above is a spammer, then SPF for foobar.com will 
list randomgibberish.comcast.net as an authorised sender.

SPF will absolutely not have any effect on spam.

And I say this merely as a disciple of Vixie - he thought of a form 
of SPF /years/ ago, and he knew /years/ ago it wouldnt do anything 
for Spam. The only difference between Vixie's MAIL-FROM MX records 
and SPF is the snake-oil: Vixie was honest in his claims for what it 
could do, the hype around SPF is not.

regards,
--
Paul Jakma      paul () clubi ie        paul () jakma org       Key ID: 64A2FF6A
Fortune:
Reformatting Page. Wait...