David wrote:
Hi !!
With SPF, only blueyonder customers can forge the MAIL FROM. Of course,
anyone can still forge the From:.
sorry, but any spammer could easily hack a computer in blueyonder
dsl/cable zone and start forging their addresses.
Raising the bar to require hacking a system in the zone you wish
to pretend to be from is a significant improvement over the current
state of affairs, where you can forge a message to be from _anywhere_
just by tweaking a variable in your spam software.
well, think about how some filters like spamassassin will score a spf
pass, if they take that into account, I'm sure spammers will start seeking
dsl/cable spf-authorized hosts to hack and use to spam. This will make
blueyonder customers a preferred target for spammers, not very great ...
Look at the spam viruses out there and tell me they aren't already a
preferred target (along with Comcast, Earthlink, and other broadband
customers).
Remember, there are other tools out there besides SPF. They're meant to
be used together. Just because a message passes the SPF check doesn't
automatically mean it's a Message From God That You Have To Read.
that's exactly what I realized last days, that spf pass is not anything
meaningful
Please put the shoe on the other foot for a moment, it is quite
meaningful, especially when the pass is on _your_ domain.
I'm still inclined to put a negative score on SPF passes despite the
fact that it can let spam through, because my users get quite
upset with me if I generate false positives, and SPF pass is the most
reliable way I've found so far to ensure that AOL subscribers' e-mails
get through the spam filter cleanly (for some reason they create most of
my false positives).
--
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203