Re: Is SPF Authenication or Authorization?
2004-09-22 20:48:16
Dave Crocker wrote:
On Wed, 22 Sep 2004 21:51:26 GMT, Mark wrote:
There is no reason to exaggerate this "spoofing", though, as the
extent is only local. Simply put: only users on your system can set
their address to another user of that system (or likely an non-
existing, local user even), as
well, as long as the threat is limited to the few (1?, 10? 70?)
millions of users that share my ISP's MTA, I guess that's ok.
Do I detect a hint of sarcasm? :) Seriously, though, I look upon these
things in terms of phases. We're in a transitional phase now, where ISP's
are encouraged to start enforcing the use of SMTP AUTH. Once that process
has completed, or largely so, AUTH info could be used to do forced address
rewriting. We're not there yet, though. For now, SPF will already stop
foreign parties from spoofing your domain name; that is not bad.
Also, people seem to want all-in tool to protect them against all threats,
foreign and domestic. SPF, in spoofing terms, gives you protection against
foreign threats, not domestic. And I should point out that this is not a
shortcoming of SPF. Unless people sign headers, or the ISP enforces address
rewriting, there is no means to authenticate an email address. That is why I
entered this thread anyway; because, whereas I am a huge SPF proponent, I do
not try and sell it as an authentication tool as well.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Is SPF Authenication or Authorization?, (continued)
- Re: Is SPF Authenication or Authorization?, Stuart D. Gathman
- Re: Is SPF Authenication or Authorization?, Alex van den Bogaerdt
- Re: Is SPF Authenication or Authorization?, Meng Weng Wong
- Re: Is SPF Authenication or Authorization?, Alex van den Bogaerdt
- Re: Is SPF Authenication or Authorization?, Steve Meyers
- Re: Is SPF Authenication or Authorization?, Meng Weng Wong
- Re: Is SPF Authenication or Authorization?, Mark
- Re: Is SPF Authenication or Authorization?, Dave Crocker
- Re: Is SPF Authenication or Authorization?, Mark
- Re: Is SPF Authenication or Authorization?, Dave Crocker
- Re: Is SPF Authenication or Authorization?,
Mark <=
- Re: Is SPF Authenication or Authorization?, Theo Schlossnagle
- Re: Is SPF Authenication or Authorization?, Tony Finch
- RE: Is SPF Authenication or Authorization?, Scott Kitterman
- Re: Is SPF Authenication or Authorization?, Alex van den Bogaerdt
- Re: Is SPF Authenication or Authorization?, Ralf Doeblitz
- Is SPF Authenication or Authorization?, Roger Moser
- Re: Is SPF Authenication or Authorization?, Dave Crocker
RE: Is SPF Authenication or Authorization?, Hallam-Baker, Phillip
|
|
|