spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Using headers instead of SRS

2004-01-27 13:12:41
from [Mark] [Permanent Link] 
----- Original Message ----- 
From: "Greg Connor" <gconnor(_at_)nekodojo(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Monday, January 26, 2004 8:36 PM
Subject: RE: [spf-discuss] Using headers instead of SRS


If SPF makes the claim of being able to stop forgeries, then
taking it to the next logical level makes sense. To me, the
next logical level for the spammer is to send

  Return-Path: bad(_at_)spammer(_dot_)com
  From: support(_at_)microsoft(_dot_)com


Believe it or not, but that is actually the ideal situation. :) If a spammer
uses his own envelope-from domain, then we can even re-introduce domain
based block-lists (which now, due to all forgeries, was rather silly).


Or worse:

  Return-Path: support@ (other domain with no spf)
  From: service(_at_)paypal(_dot_)com


Imagine we were having this discussion ten years ago; but then not over SPF,
but over closing open relays. I'm sure people then came with similar
objections; like, "What if a spammer just uses a non-closed relay?" Well,
we've seen what happened. Those open relays were readily identified; their
administrators were warned; and, eventualy, they simply appeared on
block-lists.

Now, I am NOT suggesting that domains who publish no SPF records should, or
will, be blacklisted. But I am suggesting, that domain owners, whose non-SPF
domains are increasingly being used in forgeries, will themselves feel an
increased wish to protect the integrity of their domain names. And then we
came full-circle; because that was the purpose of SPF to begin with. :)

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki: 
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SPF advocacy, Meng Weng Wong
Next by Date:  Re: Mechanism usage in live SPF records, Wechsler
Previous by Thread:  Re: Using headers instead of SRS, Steven G. Willis
Next by Thread:  RE: Using headers instead of SRS, Julian Mehnle
Indexes:  [Date] [Thread] [Top] [All Lists]