On Tue, Jun 15, 2004 at 04:11:43PM -0400, spf(_at_)kitterman(_dot_)com wrote:
There is nothing that prevents a worm from determining the "true" user and
domain of an infected machine, and then mail itself, looking just like any
other mail from that machine/user. SPF will be powerless in that
case, but
then again...it is not designed to stop something like that.
But SPF is not an anti-virus solution. It is a anti-forgery solution.
Yes, that could happen, but generally speaking it would have to be the mail
server that was infected, not the individual desktop (unless I suppose the
virus was able to make use of the MUA installed in the desktop to
authenticate to the server). Server infections are a lot less likely. This
is all true, but not really relevant to SPF AFAICT.
Solving forgery won't solve the virus problem and it won't solve the spam
problem, but it will make the chain of accountability a lot more solid.
That's a step in the right direction.
I've said this before with regard to ISP's that block port 25 for their
customers, I think virus-writers will soon become smart enough to
realise they need the config in the MUA to keep spreading their worms.
And it really isn't that difficult I guess, especially when the majority
is using outlook, eudora or some mozilla based program.
Koen
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Send us money! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
pgpMEOcnNUiDk.pgp
Description: PGP signature