spf-discuss

Re: Zafi.b

2004-06-15 13:02:34
Currently, the most widespread use of SPF is to whitelist domains
that are known to ensure that viruses, worms and spam don't come
from their mailservers.

Nobody can *ensure* that.  Today most mail worms will forge the From:
address, so any method that allows you to reject a mail message because
of a discrepancy between the headers and where it really originates will
block those worms.

However....

There is nothing that prevents a worm from determining the "true" user and
domain of an infected machine, and then mailing itself, looking just like any
other mail from that machine/user.  SPF will be powerless in that case, but
then again...it is not designed to stop something like that.


-- 
Fridrik Skulason   Frisk Software International   phone: +354-540-7400
Author of F-PROT   E-mail: frisk(_at_)f-prot(_dot_)com       fax:   +354-540-7401

