On Tue, 7 Dec 2004, David Woodhouse wrote:
To me, SPF is not about stopping spam,
it's about stopping spam that purports to come from my domain(s).
But SPF doesn't achieve that, because it still allows:
MAIL FROM:<SRS0=xx=yy=kitterman(_dot_)com=spf2(_at_)forwarder(_dot_)org>
From: Scott Kitterman <spf2(_at_)kitterman(_dot_)com>
99.5% of recipients really won't be able to tell the difference.
Well now, then they are no worse off than before SPF. And when
someone with a clue finally configures their MTA properly so it
doesn't accept forwards from just anyone, they will be better off.
And in the meantime, with 40000 spams/worms/forgeries a day, I have yet
to see a single one using a bogus SRS forwarder. So they are better
off even now.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.