Yes, in fact SPF does prevent this!
Actually, whether it does depends on how the worm sends out mail. A worm
may have its own SMTP "engine", and send the mail directly. However, the
worm can also attempt to send out the mail just as if the "real" user of
the machine was sending the mail, by connecting to the mail server (POP,
IMAP ir whatever) and in that case the mail would be indistinguishable
from regular mail from that domain as far as SPF is concerned.
In the first case SPF would indeed work just fine - sure, the machine
belongs to the right domain, but it is not authorized to send mail
In the second case SPF will not help.
--
Fridrik Skulason Frisk Software International phone: +354-540-7400
Author of F-PROT E-mail: frisk(_at_)f-prot(_dot_)com fax:
+354-540-7401
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡