[Top] [All Lists]

Re: [spf-discuss] Phishing passing thru spf = not useful to me.

2007-04-14 14:58:58
On Sat, 14 Apr 2007, Adrian de los Santos wrote:

There is any implementation of spf that checks the from of the data  
transaction ?

No.  Sender-ID could have been, but it checks some random header chosen
by the spammer.  (Well not random, but using a patented algorithm.)

How can i prevent forged froms on the data transaction ?

Use DKIM.  This requires the sender to sign their headers, and publish
a public key in DNS.

However, SPF will indirectly suppress forged From if you track MAIL FROM
reputation like I do, and start rejecting the senders that source a lot of

I will admit, my quarantine is full of a lot of messages MAIL FROM
randomlocalpart(_at_)spammerdomain(_dot_)biz(_dot_)  So I may invent something 
SPF like
to protect just my own From: domains on my own servers.  DKIM is too
heavyweight for that purpose.

              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com