This is a multi-part message in MIME format.
First, and most obviously, spammers will use more "disposable domains",
hoping to get the spam out before the domains are blacklisted.
Please note that it will become more and more common to delete spam e-mail from
people's mailboxes after they have received the e-mail. Also, techniques that
involve delaying some e-mails can be improved with SPF - because greater
reliability on sender addresses makes it possible to reduce the delay on
already approved sender addresses.
Getting a new domain is trivial and cheap. *However*, getting a new IP block
is not. If spam evolves along this route, I imagine there will be more
emphasis on IP-based RBLs, blocking the sites hosting those disposable
domains until they clean up their act.
SPF reduces the number of possible IP addresses, making IP blocking easier ;-)
try to determine which domain the machine "belongs to" and send mail
appearing to be from that domain.
This is not a problem with SPF. SPF doesn't prevent people from sending spams
or viruses and never intended to do that. SPF just connects the sender address
with the sender machine, and you need additional mechanisms to use this to
prevent spam.
Say that it
finds mail addressed to John_Smith(_at_)somedomain(_dot_)com(_dot_) Fine,
the spam/worm
software could then start sending out mail appearing to be from someone
at somedomain.com
Again, SPF is not intended to stop that, but SPF can help the infected
organization to avoid those e-mails being classified as genuine. Several ISPs
are now blocking outgoing TCP connections to port 25 except for connections to
their own mailservers (for instance tdc.dk), and this means, that a virus or
worm either has to use the mail application (but Outlook 2003 blocks MAPI
access by default) or read the mail application's settings (mailserver,
username, password). But if the mail-servers also scans outgoing e-mails,
viruses and worms don't have much chance of sending anything.
The combination of SPF, port 25 blocking, mailserver authentication and
scanning of outgoing e-mails on the mailserver can be an extremely powerful
combination to prevent, that anyone ever sees a virus coming from your e-mail
address.
Lars Dybdahl.