Hi,
On Mon, 2004-01-12 at 00:26, spf(_at_)unobtainium(_dot_)net wrote:
[...]
This is straightforward. SPF aims to make it harder to forge mail. My
understanding is that even if Johnny Spammer set up his own domain with
his own spf records, he still couldn't impersonate AOL (this assumes
that AOL had published a sane policy in their own SPF records). When
your MTA sees MAIL FROM: user(_at_)aol(_dot_)com your MTA would query the
aol.com
name servers, get the AOL SPF policy, and find (presumably) that Johnny
Spammer's servers are not authorized to send mail from aol.com. Your
mail system could then reject the mail, accept it and add points to its
spam score, or whatever.
Also, note that everything that forces spammers to use address space
they own makes it easier to block their traffic.
current spammers fake e-mail addresses since this is the cheapest way
for them to achieve their goals. Assumed spf will take this inroad into
our e-mail boxes away from them, they will user other methods. Sure,
once you have detected that, say, abcdefg.com, is a spammer's domain, it
can be blocked. They will have used abcdefg.com for about ten billion
messages before, and still work profitably. Maybe they will have to set
up a couple of domains to make traffice analysis harder, maybe they will
have to use messages combined from an array of text blocks, but on my
assumptions as to the gains spam mails offer to those who produce them,
this will simply not stop them. It will, however, make life harder for
all of us ;-)
Best regards,
Ernst
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡