On Wed, 2005-10-19 at 10:52 -0700, Dennis Willson wrote:
I've started receiving email from zombies that had forged "Header
FROM:" addresses (which is what the users see) and some had used
an "envelope MAIL FROM:" for a domain that was globally SPF PASS. I
have also received some where the "envelope MAIL FROM:" was just
a domain with no SPF record. This means the zombies are beginning to
render SPF less useful. Greylisting solved most of these as the
zombies don't queue and resend (yet).
SPF is less useful in the immediate term for "reject before DATA", yes,
because the zombie sent spam still gets through.
Mmh.. I'd say that SPF is working exactly as it was designed -- it was
predicted that this would happen: spammers would convert to using
domains that are globally SPF PASS or use domains that don't have
policies. This would hopefully encourage domain owners and mail admins
to institute and enforce strict SPF and mail submission policies to
avoid having domain forgery. It becomes obvious which domains are
enablers for spam (by having open-ended policies). This is when peer
pressure comes into play, hopefully, to get submission further under
control, and domain reputation services can start having a measurable
effect.
--
Andy Bakun <abakun(_at_)thwartedefforts(_dot_)org>
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com