Fridrik Skulason <frisk(_at_)f-prot(_dot_)com> writes:
... and not only _might_ that happen, but it _does_ happen frequently
these days.
Indeed, but that is not the problem that SPF or any other
authentication-focused anti-spam measure is meant to solve. The best
it can do is to provide a reasonable level of certainity that the sender
is who he says he is. Now, while this may not affect the overall
amount of spam mail much (as the spammers have SPF-compliant alternatives),
it will make life more difficult, and it can (if widely and properly
implemented) eliminate the problem of viruses and spam with a forged
sender's address.
Agreed. I understand that SPF is not designed to cover this case, and
that other mechansims have to be used if we want to deal with it.
In my usual nit-picking way, I just wanted to point out that the
hypothetically described situation that was mentioned previously is
actually a reality.
--
Lloyd Zusman
ljz(_at_)asfast(_dot_)com