spf-discuss
[Top] [All Lists]

Re: SPF articles for Linux Journal

2004-01-05 15:15:41
On Mon, Jan 05, 2004 at 11:33:03PM +0200, Arik Baratz wrote:
I have thought it over, and I think that to initiate someone into the idea of
SPF in the most rapid way is to describe SPF as "a way to create a personal
black-list / white-list of mail senders for your own domain".

That sounds like work, though. I still think SPF does best what it actually
does: prevent sender domain forgeries. SPF will only be useful for
maintaining lists because spammers have an increased cost not only recuiring
new IP addresses to spam from all the time, but also new domains, as they
can be blacklisted both ways now. SPF does not at all change the aspects of
maintaining a decent list itself. Someone will still need to remove domains
(and IPs) from blacklists, and decide whether to add new ones. These lists
should become more accurate, but SPF is no pixie dust here.

However, it will help prevent forgeries such as those fake PayPal, eBay, etc
etc account password scams. It will help prevent viruses etc setting their
From: to whatever address they can find on a system*.

* Machines that can access local SMTP resources without authorization might
be able to spam for SPF-enabled domains in these resources. If some
malicious code is running on my workstation injecting spam as
whatever(_at_)capsi(_dot_)com, it will go out through a server designated as 
valid for
capsi.com. That is already a severe limitation though, and would make any
kind of forgery a crime because it would require compromising systems.

Maybe.. "SPF prevents domain forgeries in e-mail. As such it protects your
domain, and assists preventing spam by allowing reliable domain blacklists
to be made. Known spammers will require both new IP addresses as well as
registered domain names to avoid blacklists, which increases their
operational costs. SPF also reduces your own operational costs, as any
trusted domain owner can reliably be whitelisted."

Rob
-- 
Rob Kaper     | Fate fell short this time, your smile fades in the summer
cap(_at_)capsi(_dot_)com | Place your hand in mine, I'll leave when I wanna
www.capsi.com |   -- "Feeling This", Blink 182

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)½§Åv¼ð¦¾Øß´ëù1Ií-»Fqx(_dot_)com

Attachment: pgpLoWAEGp0jA.pgp
Description: PGP signature

<Prev in Thread] Current Thread [Next in Thread>