spf-discuss

Re: Re: Great stuff

2004-01-07 00:09:12


In <btfb06$it5$1(_at_)sea(_dot_)gmane(_dot_)org> Jim Ramsay 
<i(_dot_)am(_at_)jimramsay(_dot_)com> writes:

On the off chance that a spammer puts in a "real" address in the
envelope sender (I think they usually just generate random strings),
this is true.  However, I feel that this is seldom and using SPF
should reduce this.

--wayne <wayne(_at_)midwestcs(_dot_)com> wrote:
It is *because* spammers forge real email addresses of innocent third
parties that so many people are interested in SPF.



I agree with Wayne here. Many email programs can already detect and reject when the sender's domain doesn't exist at all. If a quick DNS check indicates that it would be impossible to reply to that domain - because it doesn't exist - the mail will probably get kicked. This is the default for Sendmail and I assume many others.

Because it's so easy to check for fake domains, and spammers know this, they usually put something real on the right side (@domain.com) and often something fake on the left side, since that is harder to verify. Some spammers put random crap on the right (like okfigpzk908(_at_)hotmail(_dot_)com), and other spammers just choose another name on their list of who to send To: and make that the From:.

SPF will help domain owners that choose to use it. There are so many domains out there, that before we see an end to forgery I would guess that we will see spammers doing lookups to see who hasn't published SPF info yet and just forge those. This puts pressure on those domain owners to adopt SPF but a lot will not care, until the idea becomes widespread and they start seeing their mail downgraded or blocked for NOT having it -- but that will probably be a long time indeed. THEN they will have to fall back on the practice many are already doing: registering thousands of throwaway domains, spamming from them, and then letting them expire. But if they spam from their own domain it will make it easier to track them down.

--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
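
Added example, not part of Greg Connor's message or of any SPF implementation: a Python illustration of the two receiver-side checks the thread discusses, the sender-domain existence check and an SPF lookup for the connecting IP. The zone data, the function names and the "reject-no-such-domain" label are constructed for illustration; it assumes records use only the ip4 and all mechanisms, and result names follow RFC 7208.

```python
import ipaddress

# Constructed sample DNS data (reserved documentation names and addresses).
ZONE = {
    "example.com": {"MX": ["mail.example.com"],
                    "TXT": ["v=spf1 ip4:192.0.2.0/24 -all"]},
    "example.net": {"MX": ["mx.example.net"], "TXT": []},  # exists, no SPF
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def sender_domain(envelope_from):
    """Right-hand side of the envelope sender, lower-cased."""
    local, sep, domain = envelope_from.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a mailbox address: %r" % envelope_from)
    return domain.lower().rstrip(".")

def evaluate(envelope_from, client_ip, zone=ZONE):
    """Classify a MAIL FROM: domain existence first, then SPF."""
    records = zone.get(sender_domain(envelope_from))
    if records is None or not (records.get("MX") or records.get("A")):
        return "reject-no-such-domain"   # the cheap DNS existence check
    spf = [t for t in records.get("TXT", [])
           if t.split(" ", 1)[0].lower() == "v=spf1"]
    if not spf:
        return "none"        # real domain, no policy: forgery goes unnoticed
    if len(spf) > 1:
        return "permerror"   # more than one SPF record is a publishing error
    ip = ipaddress.ip_address(client_ip)
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech.startswith("ip4:"):
            net = ipaddress.ip_network(mech[4:], strict=False)
            matched = ip.version == 4 and ip in net
        elif mech == "all":
            matched = True
        else:
            continue         # mechanisms other than ip4/all are not handled
        if matched:
            return RESULTS[qualifier]
    return "neutral"         # no mechanism matched

if __name__ == "__main__":
    for sender, ip in [("okfigpzk908@no-such-domain.invalid", "198.51.100.7"),
                       ("anyone@example.net", "198.51.100.7"),
                       ("victim@example.com", "198.51.100.7"),
                       ("victim@example.com", "192.0.2.25")]:
        print(sender, ip, evaluate(sender, ip))
```

The second case is the one the message predicts forgers will move to: the domain resolves, so the existence check passes, and with no published record there is nothing to test the connecting IP against.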

