ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Analysis of SPF benefits for reduced filtering

2004-08-10 19:18:09
from [Sauer, Damon] [Permanent Link] 

I think, no- I *know* that you are failing to understand what SPF *IS*.
Wondering about what AOL is doing is an exercise in futility AND I
seriously doubt that AOL's email services group would be as inept as you
are suggesting here.

Regards, 
Damon Sauer 




-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Dean 
Anderson
Sent: Tuesday, August 10, 2004 7:56 PM
To: 'IETF MARID WG'
Subject: Analysis of SPF benefits for reduced filtering




It has been reported that AOL is already using SPF to give reduced 
filtering to SPF-using domains. Is this a good idea?

IF you use SPF to provide less stringent anti-spam processing, then you
are MORE vulnerable than you were before. You have shot yourself in the
foot.  Suppose for example that AOL subjects MSN users to less stringent
anti-spam filtering because MSN uses SPF.  MSN is still vulnerable to
viruses as it was before it used SPF, and it is just as vulnerable to
disposable account creation as it was before.  Using SPF will
__attract__
abusers to MSN, because they can get more spam through to AOL, because
it
is subject to less processing.  Since AOL is doing less processing on
the
same spam, AOL users get more spam. SPF is bad for both companies.

And of course, anyone who sets up a disposable domain can also get spam
through to AOL by creating an SPF record for the domain. Disposable
domains along with disposable or stolen accounts is a major problem now,
and it remains a major problem under SPF.

Anything that reduces spam filtering without reducing the number of
abusers will be harmful.

Basically, SPF gives abusers the opportunity to whitelist themselves, or
the opportunity to identify ISPs that may be whitelisted. Any kind of
whitelist that is under the control of the sender, rather than the
recipient is also going to be ineffective and harmful.


Dean Anderson
Av8 Internet, Inc



*****
The information transmitted is intended only for the person or entity to which 
it is addressed and may contain confidential, proprietary, and/or privileged 
material.  Any review, retransmission, dissemination or other use of, or taking 
of any action in reliance upon, this information by persons or entities other 
than the intended recipient is prohibited.  If you received this in error, 
please contact the sender and delete the material from all computers. 113
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: change of version string, kent crispin
Next by Date:  Re: you must fill your zones with TXT records, Meng Weng Wong
Previous by Thread:  Re: Analysis of SPF benefits for reduced filtering, Dean Anderson
Next by Thread:  draft minutes of the San Diego meeting, Andrew Newton
Indexes:  [Date] [Thread] [Top] [All Lists]