spf-discuss

RE: Zafi.b

2004-06-15 13:11:43
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of 
Fridrik Skulason
Sent: Tuesday, June 15, 2004 4:03 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Zafi.b


Currently, the most widespread use of SPF is to whitelist domains
that are known to ensure that viruses, worms and spam don't come
from their mailservers.

Nobody can *ensure* that.  Today most mail worms will forge the From:
address, so any method that allows you to reject a mail message because
of a discrepancy between the headers and where it really originates will
block those worms.

However....

There is nothing that prevents a worm from determining the "true" user and
domain of an infected machine, and then mail itself, looking just like any
other mail from that machine/user.  SPF will be powerless in that case, but
then again...it is not designed to stop something like that.


But SPF is not an anti-virus solution.  It is an anti-forgery solution.

Yes, that could happen, but generally speaking it would have to be the mail
server that was infected, not the individual desktop (unless I suppose the
virus was able to make use of the MUA installed in the desktop to
authenticate to the server).  Server infections are a lot less likely.  This
is all true, but not really relevant to SPF AFAICT.

Solving forgery won't solve the virus problem and it won't solve the spam
problem, but it will make the chain of accountability a lot more solid.
That's a step in the right direction.

Scott K
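
The distinction drawn in this thread, as an added example that is not part of the original messages: a minimal SPF evaluation covering only the ip4 and all mechanisms, run over constructed sessions. The domains, addresses and the policy record are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample policy: example.org authorizes one outbound range.
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate the ip4 and all mechanisms of the sender domain's record."""
    domain = mail_from.rpartition("@")[2].lower()
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published, nothing to check against
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


# Constructed sessions: (connecting IP, envelope sender, description).
SESSIONS = [
    ("203.0.113.77", "alice@example.org", "unrelated host, forged sender"),
    ("192.0.2.10", "bob@example.org", "sent via example.org's own server"),
    ("198.51.100.5", "carol@example.net", "domain publishes no SPF record"),
]


def evaluate_sessions(sessions=SESSIONS):
    """Return (description, SPF result) for each constructed session."""
    return [(desc, check_spf(ip, sender)) for ip, sender, desc in sessions]


if __name__ == "__main__":
    for desc, result in evaluate_sessions():
        print(f"{result:8} {desc}")
```

The second session passes whatever the message contains: the check looks only at where the connection comes from, which is the sense in which SPF addresses forgery rather than viruses.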


