On Sat, 14 Apr 2007, Adrian de los Santos wrote:
There is any implementation of spf that checks the from of the data
transaction ?
No. Sender-ID could have been, but it checks some random header chosen
by the spammer. (Well not random, but using a patented algorithm.)
How can i prevent forged froms on the data transaction ?
Use DKIM. This requires the sender to sign their headers, and publish
a public key in DNS.
However, SPF will indirectly suppress forged From if you track MAIL FROM
reputation like I do, and start rejecting the senders that source a lot of
spam.
I will admit, my quarantine is full of a lot of messages MAIL FROM
randomlocalpart(_at_)spammerdomain(_dot_)biz(_dot_) So I may invent something
SPF like
to protect just my own From: domains on my own servers. DKIM is too
heavyweight for that purpose.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com