ietf-mxcomp
[Top] [All Lists]

RE: SPF abused by spammers

2004-09-09 13:16:22


You are missing where this is a GOOD thing. We WANT spammers to use 
SPF. This will allow us to identify, publish, process, 
shred, pillage, 
burn, destroy the IP addresses that this stuff is coming 
from. Nobody 
is doing less stringent processing of the email that passes an SPF 
check. It just makes it easier to block when identified.

How do you know the spammer has not bothered to include addresses of 
legitimate MTAs?  The obvious adaptive strategy would be to 
disrupt this presumptive use of spammer's information as-if 
it were trustworthy.  


 I am not looking at the SPF record at this point. I am looking at the
IP address they connected from.
 Am I misunderstanding your question? This just seems too obvious to me.



The checks that I DON'T have to do are against the received from: 
headers. I already know. If you want to call this 'reducing 
filtering' 
so be it. But it is a reduction because the check that you used to 
have to run is no longer necessary.

The value of SPF is clear when white-listing as a means for 
reducing false negative assessments.

SPF will never serve as a tool for blacklisting for what 
should be obvious reasons.  There is a risk presuming the 
domain identified using SPF has not been spoofed somewhere in 
the mail channel.  SPF does not allow the IP address to be 
trusted to allow address blacklisting beyond the current 
connection, nor does SPF really allow the MAIL FROM mailbox 
domain be trusted to a degree that would allow name 
blacklisting, as it fails to accurately identify the entity 
introducing the message.  The mail channel is often shared 
and there is no means to verify the channel is being checked 
at either end of the administrative realms.


 Please provide an example of how this would happen. I am completely
missing your chain of thought.

Regards,
Damon Sauer

*****
The information transmitted is intended only for the person or entity to which 
it is addressed and may contain confidential, proprietary, and/or privileged 
material.  Any review, retransmission, dissemination or other use of, or taking 
of any action in reliance upon, this information by persons or entities other 
than the intended recipient is prohibited.  If you received this in error, 
please contact the sender and delete the material from all computers. 113



<Prev in Thread] Current Thread [Next in Thread>