On Mon, 27 Feb 2006 19:40:44 -0500 John Kelly <jak(_at_)isp2dial(_dot_)com>
wrote:
On Mon, 27 Feb 2006 19:23 -0500, Scott Kitterman
<spf2(_at_)kitterman(_dot_)com>
wrote:
SPF has complexities galore that are an impediment to adoption, but there
are enough people checking SPF that since I adopted it, my forged bounce
problem (and by implication forgery of my domain) has to almost nothing.
And the spammers just move on to forging domains without SPF records.
Yes, but they aren't mine. That's a victory.
It is now pretty common in my mail stream to see phishing e-mails with an
obscure mail from and
the phishing target in the body. Clearly SPF is having an impact on bad guy
behavior.
There is no solution to e-mail forgery that doesn't break something. SPF
is a good solution for now.
I don't know yet, whether the breakage is worth the benefit. I'll
have to gather more evidence.
In my opinion it's clearly worth it for me. Some will reasonably come to a
different
conclusion.
For someone who has a domain that isn't just run off a dedicated MTA by a very
knowlegeable
admin, it's the only game in town these days to fight forgery of your
domains.
Scott K.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com