spf-discuss
[Top] [All Lists]

RE: Why will SPF stop SPAM.

2004-08-17 10:24:05
You said:
Domains that publish strict SPF  offer assurances for themselves
and for people receiving their e-mail that the source of the e-mail
is valid.

I disagree with the above.

As stated by Koen "SPF protects my domains from being used by malicious
persons / programs, and therefore SPF is very useful for me."

I agree, my domain is protected, but the people on the receiving end are
not.  They don't know if my domain is sending spam or not, or any other
domain.  But I know that no one else can send mail and pretend to be me.

A side note...  Since I must forward email using comcast.net, anyone else
that has access to comcast.net can fake an email from me.

In short, SPF can protect the sender, not the receiver.

Guy

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Daniel 
Taylor
Sent: Tuesday, August 17, 2004 8:25 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Why will SPF stop SPAM.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Woodhouse wrote:
| On Tue, 2004-08-17 at 07:21 +0100, Paul Howarth wrote:
|
|>On its own, SPF will not stop spam
|
|
| Right.
|
And a hammer is useless for holding boards together,
but try driving nails in without one.
|
|>This is why there has been much discussion of reputation services
|>recently, which will allow domain names to be scored, so that domains
|>with reputations for sending non-spam mail can be distinguished from
|>those that don't.
|
|
| Right. So we've imposed all this breakage, and still haven't got any
| sane and actually deployable alternative to SRS for _fixing_ said
| breakage -- and we've 'reduced' the problem to basically the same
| problem as we had before. Only instead of listing IP addresses in our
| 'reputation database' we are now listing domain names.
|
| Seems like the whole exercise was fairly pointless.
|
We've been through this before Mr Woodhouse, you have
an awful lot of sour grapes to press here.
What we get with SPF is  a significant improvement. Domains
that publish strict SPF  offer assurances for themselves and
for people receiving their e-mail that the source of the e-mail
is valid.

Simply knowing that the source is valid is a monster huge
step to being able to take actions like local and pooled
reputation systems and accreditation systems with teeth.

Reducing forgery is absolutely necessary to making sure that
e-mail becomes civilized again.

- --
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        
(952)941-6580x203
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFBIfkx8/QSptFdBtURAtAnAJ425IQ++/OmLrMG7xRrUM3js5fnRwCeIdRb
0yRcKXdYxTwlRLogwWksi+Q=
=RlR1
-----END PGP SIGNATURE-----

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription, 
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com


<Prev in Thread] Current Thread [Next in Thread>