[Top] [All Lists]

RE: Why will SPF stop SPAM.

2004-08-17 10:36:26
You said:
Domains that publish strict SPF  offer assurances for themselves
and for people receiving their e-mail that the source of the e-mail
is valid.

I disagree with the above.

As stated by Koen "SPF protects my domains from being used by malicious
persons / programs, and therefore SPF is very useful for me."

I agree, my domain is protected, but the people on the receiving end are
not.  They don't know if my domain is sending spam or not, or any other
domain.  But I know that no one else can send mail and pretend to be me.

A side note...  Since I must forward email using comcast.net, anyone else
that has access to comcast.net can fake an email from me.

In short, SPF can protect the sender, not the receiver.


-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Daniel 
Sent: Tuesday, August 17, 2004 8:25 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Why will SPF stop SPAM.

Hash: SHA1

David Woodhouse wrote:
| On Tue, 2004-08-17 at 07:21 +0100, Paul Howarth wrote:
|>On its own, SPF will not stop spam
| Right.
And a hammer is useless for holding boards together,
but try driving nails in without one.
|>This is why there has been much discussion of reputation services
|>recently, which will allow domain names to be scored, so that domains
|>with reputations for sending non-spam mail can be distinguished from
|>those that don't.
| Right. So we've imposed all this breakage, and still haven't got any
| sane and actually deployable alternative to SRS for _fixing_ said
| breakage -- and we've 'reduced' the problem to basically the same
| problem as we had before. Only instead of listing IP addresses in our
| 'reputation database' we are now listing domain names.
| Seems like the whole exercise was fairly pointless.
We've been through this before Mr Woodhouse, you have
an awful lot of sour grapes to press here.
What we get with SPF is  a significant improvement. Domains
that publish strict SPF  offer assurances for themselves and
for people receiving their e-mail that the source of the e-mail
is valid.

Simply knowing that the source is valid is a monster huge
step to being able to take actions like local and pooled
reputation systems and accreditation systems with teeth.

Reducing forgery is absolutely necessary to making sure that
e-mail becomes civilized again.

- --
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org


Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
please go to

<Prev in Thread] Current Thread [Next in Thread>