-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Paul Howarth wrote:
| Daniel Taylor wrote:
|
|> Paul Howarth wrote:
|> | how does SPF stop a spammer using throwaway domains with SPF records
|> | allowing any zombie to send for the domain, where the domain was
|> | registered using false information and phished credit card details?
|> |
|> It doesn't directly, but the reputation systems it allows
|> would make it trivial to spot such an attempt.
|> "hey, this domain is only a week old and has +all? better check
|> it more closely..."
|
|
| Sure, but where are these reputation systems going to come from? And
| who's going to pay for them, particularly given that they'll be a magnet
| for litigation from the owners of domains that think their reputations
| should be better than they are (just like Harris/Yesmail etc.
| effectively litigated MAPS out of existence as far as most of the
| Internet is concerned)?
|
As I pointed out, a formal reputation system is not necessary
to catch fly-by-nights. New domains will usually be suspect,
just as people are reluctant to do critical business with
companies that are "too new", and new domains with overly permissive
SPF records will probably get blackholed with the rest of the
untrusted internet.
- --
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFBAUg38/QSptFdBtURAp3WAJ9D4a5X5BirKg78/rJZ8cvinxKEygCffH8C
Md5slD7LvDQIYcwXJ+4i8/I=
=T7pO
-----END PGP SIGNATURE-----