--Dan Boresjo <dan(_at_)boresjo(_dot_)demon(_dot_)co(_dot_)uk> wrote:
On Friday 12 December 2003 7:29 pm, marrandy wrote:
What has this to do with the SPF system ?
The thread was discussing the proper relationship between a sender
authentication scheme (which SPF is) and sender reputation schemes.
My view was that SPF is correctly making as few assumptions as possible
with respect to the design of such a reputation scheme. This was
challenged as wrong in preference to integrating a one-size-fits-all
reputation scheme into the authentication system. Or at least that is
the impression I got.
Agreed. Intentionally forging someone else's name is almost always bad.
Spammers can totally get around SPF by using their own domain. SPF doesn't
try to prevent unwanted mail, only *forged* mail.
Forgery incurs additional costs, such as time spent analyzing to find the
*real* sender, wasted messages to the forged domain that can't help to stop
the spammer, etc.
To the original idea, I agree with you that trying to do too much would
spell doom for SPF or anything else claiming to do-all and be-all of spam.
Spam is a *hard* problem, and it's going to take many, many, different
tools and efforts to fight it. SPF shouldn't attempt to solve other
problems, not even very important ones.
Given that, other factors that make a message "unwanted" or a domain "not
trusted" are beyond the scope of SPF and probably this list. Most lists
tolerate some amount of off-topic chatter, and that's good, but I usually
prefer to wrap it up briefly and recommend some other place for people to
go for more detailed conversation about it (like SPAM-L maybe)...
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.3.txt
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡