spf-discuss
[Top] [All Lists]

Re: first spf-enabled spam

2004-04-13 05:51:33
Hi !!

With SPF, only blueyonder customers can forge the MAIL FROM.  Of course,
anyone can still forge the From:.

sorry, but any spammer could easly hack a computer in blueyonder dls/cable zone and start forging their addresses.

This is an improvement.  Not a huge one, granted, but it's certainly *not*
a "totally *BIG* security hole".

well, think about how some filters like spamassassin will score a spf
pass, if they take that in account, i'm sure spammers will start seeking
dsl/cable spf-authorized hosts to hack and use to spam. This will make
blueyonder customers a prefered target for spammers, not very great ...

Remember, there are other tools out there besides SPF.  They're meant to
be used together.  Just because a message passes the SPF check doesn't
automatically mean it's a Message From God That You Have To Read.

that's exactly what i realized last days, that spf pass is not anything
meaningful

--
Best regards ...

If little else, the brain is an educational toy.

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david(_at_)ols(_dot_)es
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------