spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Can the SPF technique be used to stop IP address spoofing?

2004-11-23 12:31:30
from [David Woodhouse] [Permanent Link] 
On Tue, 2004-11-23 at 11:23 -0800, Stephen Pollei wrote:

Works for local networks, but once the routers get involved.... It's
even worse than a chain of ten forwarding mail servers, it varying
chains of on average eight to thirty-two hops of routers.


Thank you. The scale is different, yes -- but it's just like forwarding
really. They _could_ do NAT when I suddenly declare that what they've
been doing for decades is 'forgery'. But they won't.


So I think you'd be hard pressed to bet IPsec with opportunistic keying,
then you simply sign the packets.


Very true. And I'll probably implement DomainKeys or IIM instead of SPF
for mail, for the same reasons.

-- 
dwmw2
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: URGENT: Community Position on SenderID, william(at)elan.net
Next by Date:  Re: Sendmail white paper, Frank Ellermann
Previous by Thread:  Re: Can the SPF technique be used to stop IP address spoofing?, Stephen Pollei
Next by Thread:  acronym soup and request for urls, Stephen Pollei
Indexes:  [Date] [Thread] [Top] [All Lists]