[Chris Drake]
How many times do we have to tell everyone the same thing:-
SPF IS NOT AN ANTISPAM TECHNOLOGY
NOT NOT NOT NOT NOT NOT NOT.
It's an authentication mechanism, which happens to be very useful
for helping with spam problems - but it's NOT an anti-spam
technology.
Do not substitute marking names.
It's like puting cop in front of bank pretending he is protecting your
money.
But in case of bank robbery - bank will tell:
"Ups.. We are sorry. You was thinking single cop will be able to protect
your money ?
We used him only as an advertisement to attract clients"
Do not attempt to protect current SPF design shortcommings by changing
design goals.
Originaly SPF was targeted against spam.
If I will realy need sender authentication - I will use PGP or S/MIME or SSL
or something else.
I will never rely on IP address message from citibank will come to me.
http://www.linuxjournal.com/article.php?sid=7328
"Sender Policy Framework (SPF) takes aim at the practice of return-path
spoofing, a technique employed by worms, viruses and other senders of
unwanted mail."
My original question was - Do SPF prevent bounce/notification/ORCPT address
spoofing ?
If not - why ? I've provided an example how spammers can deliver short
messages to inocent mailboxes using refrected forgery that will be somethat
hard to prevent.
How many times I must repeat my technical questions while waiting for
techincal answers ?
Sorry,
--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua