RE: RE: AOL to ESPs: Comply with SPF, Or Else
2004-06-12 15:11:20
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Julian
Mehnle
Sent: Saturday, June 12, 2004 7:16 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] RE: AOL to ESPs: Comply with SPF, Or Else
Alan Hodgson [ahodgson(_at_)simkin(_dot_)ca] wrote:
On Fri, Jun 11, 2004 at 11:50:55AM -0700, Jonathan Gardner wrote:
I think when most spammers publish SPF records, we will have won.
That was the original intent anyway: Get the spammers to show
themselves and get a way to hold them accountable.
I'm waiting to see the first one that publishes
exists:%{ir}.cbl.abuseat.org (however you'd actually express that) :p
Well, publishing "+all" certainly would be a lot simpler.
All that, however, doesn't matter, because we can just blacklist the
domain in question if spam originates claiming to be from there. If the
spammer says "+all", i.e. "everyone can use my domain", we don't need to
accept messages from that domain at all.
I think that Jonathan Gardner's point above:
"I think when most spammers publish SPF records, we will have won" is a key
point. I thought the ending domain forgery was the purpose of SPF. I want
SPF to get to the point where I can safely publish a -all for my domain. I
want mail receivers (at whatever level) to respect that -all and not blame
me for what I didn't do. I want to see an end to spam with my name on it.
An end to spam would be nice, but SPF isn't going to do it alone. I don't
really need SPF to stop spam at the user level (for me, SpamAssassin catches
about 99.9% of it without false positives). What I need SPF for is a
reliable way to define the permitted sources of e-mail for my domain.
All the other stuff about reputation services and black listing is good, but
lets not get the cart before the horse. Getting SPF (and SRS or
whitelisting or whatever) deployed has got to be the initial focus. I would
suggest that anti-forgery needs to remain the focus or we will end up trying
to be all things to end spam and SPF will get to complicated to deploy.
Anti-forgery first, then anti-spam.
Scott Kitterman
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- usefulness of postmaster account, (continued)
- Re: [spf-discuss] AOL to ESPs: Comply with SPF, Or Else, Jonathan Gardner
- snowball effect strategy for SPF conversion, Meng Weng Wong
- Re: AOL to ESPs: Comply with SPF, Or Else, wayne
- Re: AOL to ESPs: Comply with SPF, Or Else, Jonathan Gardner
- Re: AOL to ESPs: Comply with SPF, Or Else, Alan Hodgson
- RE: AOL to ESPs: Comply with SPF, Or Else, Julian Mehnle
- reputation systems and RHSBLs, Meng Weng Wong
- Re: reputation systems and RHSBLs, Jon Kyme
- RE: RE: AOL to ESPs: Comply with SPF, Or Else,
spf <=
- RE: RE: AOL to ESPs: Comply with SPF, Or Else, James Couzens
- Re: AOL to ESPs: Comply with SPF, Or Else, Paul Iadonisi
- Re: AOL to ESPs: Comply with SPF, Or Else, Meng Weng Wong
- RE: AOL to ESPs: Comply with SPF, Or Else, spf
- Re: AOL to ESPs: Comply with SPF, Or Else, Lars B. Dybdahl
- Re: AOL to ESPs: Comply with SPF, Or Else, Jonathan Gardner
- Re: AOL to ESPs: Comply with SPF, Or Else, Meng Weng Wong
- Re: AOL to ESPs: Comply with SPF, Or Else, Scott Taylor
- Re: AOL to ESPs: Comply with SPF, Or Else, Tim Meadowcroft
- Re: AOL to ESPs: Comply with SPF, Or Else, Koen Martens
|
|
|