On Thu, Jan 22, 2004 at 10:05:00AM -0800, Thomas R. Stephenson asserted:
I'm not sure this computes for me at least. SPF is an authentication
method, it says the mail is coming from a source approved by the domain
owner. For those that are saying that they will limit the IP addresses
then you might want to reject immediately. For a connection where you do
not get this limitation then you'll still have to process the mail
somehow.
SPF says nothing about the content of the message. You may get spam that
passes; you may get good mail that SPF says is a forged source.
It doesn't have to examine the contents; that's not its job. It only says 'the
domain owner says that mail from this domain is supposed to originate from this
address'. If the domain owner publishes a spf record, then any mail not
originating from a host defined in that record is forged. If the owner doesn't
publish a spf record, then you'll have to use other means to define legitimacy.
If a spammer publishes spf records, and spf is the only mechanism you employ,
then yes, you'll still get spam. But it will be easier to address those,
because you'll have a greater likelihood of tracing the source.
It it your intent to simply reject the mail based on SPF?
In my case, yes, but not until it is in widespread use. In the meantime, there
is nothing in the spf rfc that demands messages be handled by any method. Just
like with Spamassassin, you determine final disposition in your own policy.
None of this is a magic bullet. It just adds a tool to the arsenal. If or how
you deploy that tool is up to you.
--
Bob Greene
Public key available at
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC9C7841C
Or, you can just pull my finger
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡