On Wed, 2004-12-08 at 12:17 -0500, Meng Weng Wong wrote:
I've received many spams recently that attempt to phish
ebay.com and paypal.com which do publish SPF records.
They all have a return-path like MAIL
FROM:<blah(_at_)nospf(_dot_)random(_dot_)com>
but
From: <paypal(_at_)paypal(_dot_)com>
so maybe spammers are checking SPF records and not forging
return-paths for domains that publish. Hey, if enough
spammers check SPF records, then receivers might never have
to :)
That'd be nice. Then the receivers won't be throwing away valid mail.
Let's hope we can accelerate the process and have it cover SenderID too.
Encourage spammers to start sending MAIL
FROM:<blah(_at_)nospf(_dot_)random(_dot_)com>
and
Resent-From:<blah(_at_)nosenderid(_dot_)random(_dot_)com>
From: <paypal(_at_)paypal(_dot_)com>
... and then people don't even need to start checking SenderID either.
because it obvious now that it's all about the _latest_ hop anyway. We
can revert to just using the HELO name and CSV, since SPF and SenderID
aren't actually buying us anything more useful than that anyway.
--
dwmw2