Roy Badami wrote:
The only way that SPF can solve the backscatter problem is
if _every_ MTA implements SPF checks, so that there's _never_
an upstream MTA to generate a bounce to a forged MAIL FROM.
No, that's not the idea. At the moment spammers still forge
my addresses @xyzzy. As soon as some big providers implement
SPF (e.g. using SpamAssassin 3.x) the spammers will stop to
forge @xyzzy, because they want to reach all of their unhappy
"customers". The rest of the world minus say AOL and Hotmail
is not good enough for a professioal spammer.
this will just take too long
Learning new tricks may take a while for spammers, but not that
long. A smart SPF solution could automatically block an IP if
it generates a SPF FAIL.
Backscatter is a big problem now
Indeed. And PRA does not address it.
The backscatter problem needs to be solved quickly.
Classic SPF solves it. Bye, Frank