Dr. Ernst Molitor wrote:
[snip]
> What about Johnny Spammer - why shouldn't he buy a class C network, set
> up a DNS service complete with spf records, and a couple of MTAs, and go
> for his ugly business?

This is straightforward. SPF aims to make it harder to forge mail. My
understanding is that even if Johnny Spammer set up his own domain with
his own spf records, he still couldn't impersonate AOL (this assumes
that AOL had published a sane policy in their own SPF records). When
your MTA sees MAIL FROM: user@aol.com, your MTA would query the aol.com
name servers, get the AOL SPF policy, and find (presumably) that Johnny
Spammer's servers are not authorized to send mail from aol.com. Your
mail system could then reject the mail, accept it and add points to its
spam score, or whatever.

Also, note that everything that forces spammers to use address space
they own makes it easier to block their traffic.

The main debate about DS schemes appears to come down to this: Are we
interested in breaking mail forwarding? I'm no guru, but what I've read
on this list and others in the past few days seems to indicate that this
is the real question. There are likely others, but forwarding seems to
be the biggie.
--eli
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt