spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Re: Email Forwarder's Protocol ( EFP )

2005-02-28 17:00:44
from [David MacQuigg] [Permanent Link] 
At 10:56 PM 2/28/2005 +0000, Mark wrote:


[snip]
> I thought SPF's mission is just to tell if the message is
> authentic or not, but not suggest any disposition, be it
> to accept or to reject.

Well, as I said elsewhere, there is, of course, an "implicit"
recommendation associated with 'fail' that is hard to ignore. That is why
I, personally, lean towards looking at this in terms of "sender policy"
(after all, we call it Sender Policy Framework, no?). But really a cogent
case can be made for the exact opposite position, if you argue, like the
folks of SA do, for instance, that it is not SPF which makes the decision
for you, but you yourself. Clearly true as well.
Either way the most disturbing thing is that we have an SRS header, indicating the SPF check was done, but with a forged 'amazon.com' in that header and no indication of failure.
What started this was my discussion on the SpamCop forum with a bunch of anti-SPF folks who really believe it can't work technically. I challenged them to spam me with 'aol.com', and five minutes later I got my spam. Silly me, I though AOL was really in the forefront, and I hadn't looked at their SPF record. Then I found amazon.com with "-all", and dared them to try again. Again, I got spammed. For the third and final try, Stuart set up a forwarding address for me at bmsi.com. That worked, but I had to run the test myself. Nobody at SpamCop was listening. 

-- Dave


*************************************************************     *
* David MacQuigg, PhD              * email:  dmq'at'gci-net.com   *  *
* IC Design Engineer               * phone:  USA 520-721-4583  *  *  *
* Analog Design Methodologies                                  *  *  *
*                                  * 9320 East Mikelyn Lane     * * *
* VRS Consulting, P.C.             * Tucson, Arizona 85710        *
*************************************************************     *

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re: (Grumble, Grumble) HTML Email, David MacQuigg
Next by Date:  Re: DNS lookup limit?, Frank Ellermann
Previous by Thread:  RE: Re: Email Forwarder's Protocol ( EFP ), Mark
Next by Thread:  RE: Re: Email Forwarder's Protocol ( EFP ), Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]