well IMHO, the fact that a spammer have to register a domain, and put
his domain as sender is enough to trace him, block his domain. So
doesn't matter if they fake reply-to header, is there any spammer that
uses reply-to ?
I don't hope spam will stop with SPF, it will just be more effective.
I knew few "spammers", and most part of them were happy with SPF, will
help them to clean the "bad guys" image made by the ones that send
really junk email and don't honor the removes.
Well, I'm pretty happy using SPF to whitelist emails, and those who
don't pass on SPF test goes directly to our anti spam system (baysian
like).
On Wed, 8 Sep 2004 14:27:13 -0400 (EDT), Stuart D. Gathman
<stuart(_at_)bmsi(_dot_)com> wrote:
On Wed, 8 Sep 2004, jpinkerton wrote:
Any script kiddie can write a script which will insert false Reply-To:
addresses in their spam, and *that* is what I thought we were sorting out?
SPF only authenticates RFC2821 headers (envelope). Authenticating
RFC2822 headers is what Unified SPF and Sender-ID are addressing
(not very well IMHO - I think Domain Keys has a better change for
RFC2822 authentication).
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com