Thursday, May 27, 2004, 5:24:49 AM, you wrote:
RS> I am a subscriber to the on-line Security UPDATE newsletter
RS> <Security-UPDATE(_at_)list(_dot_)winnetmag(_dot_)com> and have just sent
RS> the message below to the editors for comment.
RS> I would like to ask the same question to this discussion group - is there
RS> some way for spammers to circumvent the SPF solution short of hijacking the
RS> DNS or mailservers for a domain?
Spam flows nowadays from zombies, proxies, temporary subscriber
accounts, and a few open servers (hereafter "sender equipment") - so
here's how the spammers need to adapt in the post-SPF world:
1. Their "sender equipment" needs to detect if SPF is in use when
   originating an email (a TXT lookup)
   If not - no change - pick any random sender, and submit the spam
   If so - either...
   A) Pick another fake domain to send from instead, and go back to
      step 1, or
   B) Implement their own SPF on their spam domain and send anyhow,
      or
   C) Figure out what domain their "zombie" is running from, and if
      that domain supports SPF, then spoof random senders from this
      domain. (eg: [HKEY_USERS\...\Software\Microsoft\Internet
      Account Manager\Accounts\00000001\SMTP Email Address])
You're missing an important point though. SPF is *NOT* an anti-spam
technology. It's got practically nothing to do with spam, and it
won't have any noticeable effect on it.
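
The receiver's side of the cases listed in this message, as an added example that is not part of the original post: a reduced SPF check (only the `ip4`, `ip6` and `all` mechanisms) run over constructed records, showing which senders a receiver would see as `none`, `fail` or `pass`. The domains, addresses, the `SPF_RECORDS` table and the `check_host` helper are assumptions made for illustration; no DNS lookups are performed.

```python
import ipaddress

# Constructed TXT records standing in for DNS (assumption: no live lookups).
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",         # forged-sender target
    "throwaway.example": "v=spf1 ip4:203.0.113.0/24 -all",  # sender-owned domain
    # "nospf.example" publishes no SPF record at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, records=SPF_RECORDS):
    """Receiver-side SPF result for (connecting IP, envelope sender domain).

    Reduced subset of RFC 7208: ip4, ip6 and all only. Any other term
    raises NotImplementedError rather than being silently guessed at.
    """
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise NotImplementedError(f"mechanism not handled here: {term}")
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"  # malformed network in the record
        if addr.version == net.version and addr in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present


def demo():
    """Results a receiver would log for the cases in the message."""
    return {
        "no SPF published": check_host("198.51.100.7", "nospf.example"),
        "forged protected domain": check_host("198.51.100.7", "bank.example"),
        "B: sender's own SPF domain": check_host("203.0.113.9", "throwaway.example"),
        "C: host inside authorized range": check_host("192.0.2.55", "bank.example"),
    }
```

Only the forged use of a protected domain from an unauthorized address is rejected; cases B and C produce `pass`, so a receiver still needs reputation or content filtering on top of the SPF result.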