On Apr 4, 2008, at 12:57 PM, Douglas Otis wrote:
On Apr 4, 2008, at 12:28 PM, Seth wrote:
Rich Kulawiec <rsk(_at_)gsp(_dot_)org> wrote:
For domains I trust (including all banks I do business with), I use
SPF to allow stuff they send me to bypass spam filters. That
enables those filters to be much stronger for stuff that looks like
bank messages.
How would you suggest a spammer can render that moot?
Look-alike, cousin domains, and display names.
Are you not clear on how domain-name based whitelisting works?
If you want to whitelist mail that "comes from" example.com's
mailservers
there are at least two ways of doing that.
One is to explicitly whitelist mail that comes from the IP addresses of
example.com's mailservers. That works fine, but requires each receiving
ISP to maintain those lists of IP addresses.
The other is to allow the owner of example.com to publish the IP
addresses
of those mailservers, and for all the receiving ISPs to use that list
of IP
addresses in order to whitelist email coming from example.com's
mailservers.
SPF is one way to do that. This will whitelist exactly the same set of
mail
as the first approach, just with less management overhead and less risk
of fat-fingering data.
So, please explain how "Look-alike, cousin domains, and display names"
will render that moot.
Cheers,
Steve
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg