Bruce Barnes wrote:
My apologies for "yelling" in my previous post.
"We" (tinw) are doing it all from time to time, no problem. ;-)
once accepted and implemented, SPF will indeed help to
reduce both phishing and spam
So far I agree. But please don't get carried away, SPF only
fixes one blatant hole in SMTP, nothing more and nothing less.
Remember "open relays" ? Almost all closed now, or blacklisted
worldwide, and spammers won't use any blacklisted open relay,
they want to reach their unhappy "audience".
SPF is _not_ the "final ultimate solution of the spam problem".
SPF is _no_ magic wand stopping phishing (social engineering).
Saying so even if it's not true hurts SPF. While Harry, Jim,
Meng, and Phillip apparently think that making false promises
is no problem as long as it's for a good cause that's not the
majority opinion here.
it will provide a more reliable audit-trail within the header
of the message to validate who actually sent the message.
It protects innocent bystanders from forgeries. That's all.
And it still allows spammers to publish a sender policy like
"v=spf1 exists:%{ir}.comcast.blackholes.us -all" - and this
policy essentially says "all your bases are belong to us" and
allows them to fire from their spamcast zombies as always.
Bye, Frank