ietf-mxcomp
[Top] [All Lists]

RE: SPF abused by spammers

2004-09-09 12:31:23

On Thu, 2004-09-09 at 08:07, Sauer, Damon wrote:
Dean,

You are missing where this is a GOOD thing. We WANT spammers to use
SPF. This will allow us to identify, publish, process, shred, pillage, burn,
destroy the IP addresses that this stuff is coming from. Nobody is doing
less stringent processing of the email that passes an SPF check. It just
makes it easier to block when identified.

How do you know the spammer has not bothered to include addresses of 
legitimate MTAs?  The obvious adaptive strategy would be to disrupt this
presumptive use of spammer's information as-if it were trustworthy.  

The checks that I DON'T have to do are against the received from:
headers. I already know. If you want to call this 'reducing filtering'
so be it. But it is a reduction because the check that you used to have
to run is no longer necessary.

The value of SPF is clear when white-listing as a means for reducing
false negative assessments.

SPF will never serve as a tool for blacklisting for what should be
obvious reasons.  There is a risk presuming the domain identified using
SPF has not been spoofed somewhere in the mail channel.  SPF does not
allow the IP address to be trusted to allow address blacklisting beyond
the current connection, nor does SPF really allow the MAIL FROM mailbox
domain be trusted to a degree that would allow name blacklisting, as it
fails to accurately identify the entity introducing the message.  The
mail channel is often shared and there is no means to verify the channel
is being checked at either end of the administrative realms.

-Doug


<Prev in Thread] Current Thread [Next in Thread>