On Sep 14, 2004, at 18:18, Barry Shein wrote:
On September 14, 2004 at 15:31 Damon(_dot_)Sauer(_at_)BELLSOUTH(_dot_)COM (Sauer,
Damon) wrote:
And SPF does nothing to identify spam- ONLY to validate the sending
domain to an IP address. That's it. No more.
This is only one piece of the puzzle but a necessary one. More are
needed in the fight against spam.
Why is it necessary?
It's amazing how many times this idea is disabused but people will
shamelessly stand up and make these vague and mysterious claims, like
used car salesmen...
I'm with Barry on this one.
SPF achieves one thing, and one thing only: it stops me being
joe-jobbed. (Or rather, it will once deployed everywhere.)
Now, that's all very fine and a welcome development, but it ain't gonna
stop spam.
The SPF proponents say "Ah, but now we'll be able to greylist messages,
and ISPs will be able to rate-limit their customers". Well,
whoop-de-do, because you can already greylist messages and check the
existing RBL mechanism, and ISPs could already be rate-limiting their
customers' outgoing port 25 connections if they actually gave a crap.
If someone can actually give a plausible mechanism by which SPF will do
more than protect me from joe jobs, one which doesn't rely on an
outbreak of mass responsibility and competence amongst ISPs, then I'll
be happy to change my opinion. Until then, I see SPF as something which
has been massively overhyped.
mathew
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg