Larry makes the right point here: sure, there are countermeasures, but the
countermeasures have costs and are vulnerable to counter-countermeasures.
Sender ID was chosen because of all the available measures it looked the most
promising. I have seen no idea that appears to offer more, and even if such
an idea was proposed now, the boats are burned. We cannot embark on a new
course until this project is completed.

-----Original Message-----
From: Larry Seltzer [mailto:larry(_at_)larryseltzer(_dot_)com]
Sent: Tue Jul 27 16:28:38 2004
To: ietf-mxcomp(_at_)imc(_dot_)org
Subject: RE: How is SPF different from RMX?

With the preceding in mind, how does SPF prevent a virus-infected,
hijacked computer from sending abuse email?

It doesn't. It DOES, however, make them accountable to either the
domain used by the owner of the infected machine, or by a throw-away
spammer domain.

It's worth pointing out, unless I'm mistaken, that the entire endemic
population of mail worms would fail under SPF. None of them would
authenticate because they all pick MAIL FROM addresses essentially at
random and then use built-in MTAs, none of which will be registered in
any DNS.

It would also be much harder to write one that would be successful, and
the messages would actually come from where they purport to come from,
making it easier to shut down the worm. For instance, if there is a
throwaway domain involved it would be quickly shut down.
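
Added example, not part of the original thread or of any SPF implementation: a simplified SPF-style check of the MAIL FROM domain against the connecting IP, showing why a worm's built-in MTA with a randomly chosen sender does not authenticate while a throwaway domain does and is thereby named. The records, addresses and function names are constructed for illustration; only the `ip4` and `all` mechanisms are handled and no DNS lookups are made.

```python
import ipaddress

# Constructed SPF TXT records standing in for DNS (documentation address ranges).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "throwaway.example": "v=spf1 ip4:203.0.113.7 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def sender_domain(mail_from):
    """Domain part of the envelope sender."""
    return mail_from.rsplit("@", 1)[-1].lower()


def check_spf(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate the MAIL FROM domain's record against the connecting IP."""
    terms = records.get(sender_domain(mail_from), "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


def classify(client_ip, mail_from):
    """Return (result, accountable_domain); a domain is named only on pass."""
    result = check_spf(client_ip, mail_from)
    return result, (sender_domain(mail_from) if result == "pass" else None)


if __name__ == "__main__":
    cases = [
        ("192.0.2.25", "alice@example.com"),          # domain's registered MTA
        ("198.51.100.44", "bob@example.com"),         # infected host, random sender
        ("198.51.100.44", "carol@unlisted.example"),  # sender domain has no record
        ("203.0.113.7", "offer@throwaway.example"),   # spammer's own domain
    ]
    for ip, sender in cases:
        print(ip, sender, classify(ip, sender))
```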