Alex van den Bogaerdt wrote:
How can we convince people that SPF is the lesser of two evils?
By demonstrating its power without doing harm.
Plugins or so for popular MTAs _and_ popular MUAs. Nothing destructive
happens, mail could for instance be attached to an email informing the
user about a policy mismatch.
A good amount of email will come unchanged. A good amount of forgery
will come as an attachment. Some false positives and some false
negatives will occur. If the amount of false positives is low enough,
the user will ask the provider to block instead of tag.
I think this means I'm talking about spamassassin.
cheers,
Alex
Hear hear!
We have a big opportunity ramping up (AOL) and other potential huge
opportunities out there (see eBay phishing thread).
Imagine if eBay, Citibank, and a couple of similar large targets decided
to implement SPF, and enough regular consumers were protected (like, oh,
say AOL). I'm thinking of the non computer savvy basic eBayer who isn't
familiar enough with email to discover that the "update your account
NOW" email he just received actually originated from a cable modem in
Texas, or a poorly secured workstation in the Netherlands. Today,
they're fairly likely to be sucked in.. but if their ISP is able to
splash a big "WARNING: this message is very likely forged!" message,
they're hopefully less likely to fall victim.
Add in a few press releases from some prominent companies touting how
much their SPF solution has reduced fraud, and suddenly there's a
compelling financial reason for some big players to implement the
procedure. The anti-spam benefits are just icing on the cake.
--Rich
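
Added example (not part of either post above): a sketch of the non-destructive tagging the thread describes, where a message that failed its SPF check is delivered as an attachment to a notice carrying the warning text, and everything else passes through unchanged. It assumes the receiving MTA has already run the SPF check and prepended a `Received-SPF` header; the function names, the notice address and the sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

WARNING = "WARNING: this message is very likely forged!"  # wording from the thread

def spf_result(msg):
    """Result token of the topmost Received-SPF header, or 'none'.
    Assumption: our own MTA prepends this header, so the first one is ours;
    copies further down may have been supplied by the sender."""
    values = msg.get_all("Received-SPF") or []
    return str(values[0]).split()[0].lower() if values else "none"

def tag_if_mismatch(raw):
    """Return the parsed message unchanged unless SPF says 'fail';
    in that case return a notice with the original attached intact."""
    original = message_from_bytes(raw, policy=policy.default)
    if spf_result(original) != "fail":
        return original
    notice = EmailMessage()
    notice["From"] = "SPF notice <postmaster@isp.example>"  # hypothetical address
    if original["To"]:
        notice["To"] = str(original["To"])
    notice["Subject"] = "[SPF mismatch] " + str(original.get("Subject", ""))
    notice.set_content(
        WARNING + "\n\nThe sending host is not permitted by the SPF policy of "
        "the claimed sender domain. The original message is attached.\n")
    notice.add_attachment(original)  # stored as message/rfc822, nothing is lost
    return notice

# Constructed sample input (documentation domains and addresses only).
SAMPLE_FORGED = (
    b"Received-SPF: fail (mx.isp.example: domain of billing@shop.example "
    b"does not designate 203.0.113.7 as permitted sender)\r\n"
    b"From: billing@shop.example\r\nTo: user@isp.example\r\n"
    b"Subject: Update your account NOW\r\n\r\nClick here.\r\n")
SAMPLE_PASS = (
    b"Received-SPF: pass (mx.isp.example: domain of friend@mail.example "
    b"designates 198.51.100.9 as permitted sender)\r\n"
    b"From: friend@mail.example\r\nTo: user@isp.example\r\n"
    b"Subject: Hello\r\n\r\nHi there.\r\n")

if __name__ == "__main__":
    for raw in (SAMPLE_FORGED, SAMPLE_PASS):
        print(tag_if_mismatch(raw)["Subject"])
```

Only a hard `fail` is wrapped here; how to treat `softfail`, `neutral` or a missing header is a local policy choice the thread leaves open.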
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt