spf-discuss

Re: [spf-discuss] Phishing passing thru spf = not useful to me.

2007-04-17 20:52:53
On Tuesday 17 April 2007 23:43, Jim Fenton wrote:
> Scott Kitterman wrote:
>> On Sat, 14 Apr 2007 17:58:20 -0400 (EDT) "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com> wrote:
>>> On Sat, 14 Apr 2007, Adrian de los Santos wrote:
>>>> Is there any implementation of spf that checks the from of the data
>>>> transaction?
>>>
>>> No.  Sender-ID could have been, but it checks some random header chosen
>>> by the spammer.  (Well not random, but using a patented algorithm.)
>>>
>>>> How can I prevent forged froms on the data transaction?
>>>
>>> Use DKIM.  This requires the sender to sign their headers, and publish
>>> a public key in DNS.
>>
>> Yes, except currently it lacks any way to describe in the protocol any
>> requirement for a relationship between the signing domain and the From
>> domain.  Without a reputation system behind it (Stuart this is a hint) it
>> is even less useful to the receiver than SPF.  The DKIM working group is
>> chartered to deal with this, but not making a lot of progress.
>
> The DKIM working group just completed last-call on the requirements
> document for SSP, and that seems like a fair bit of progress to me.

Hello Jim,

Welcome.

You are correct about the last-call.  Personally, I'm very pessimistic that 
the group will produce anything useful.  I haven't given up.  We'll see.

But none of that's useful for admins who need something they can deploy today.

Scott K
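
The gap discussed in this thread, that a DKIM signature names a signing domain (`d=`) which need not match the From domain, shown as an added example (not code from any participant in the thread). The message, domains and the alignment rule in `is_aligned` are constructed assumptions, and the code only compares domains; it assumes a real DKIM verifier has already validated the signature cryptographically.

```python
import email
from email.utils import parseaddr

# Constructed sample message (all domains and tag values are placeholders).
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=bulk-mailer.example; s=sel1;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: "Example Bank" <alerts@bank.example>
To: user@recipient.example
Subject: Account notice

Body text.
"""


def signing_domains(msg):
    """Return the d= tag of each DKIM-Signature header, lowercased."""
    found = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in header.split(";"):
            name, sep, value = part.partition("=")
            if sep:
                # Folding whitespace inside a tag value is not significant.
                tags[name.strip()] = "".join(value.split())
        if "d" in tags:
            found.append(tags["d"].lower())
    return found


def is_aligned(author, signer):
    """Local policy (assumption): same domain, or author is a subdomain."""
    return author == signer or author.endswith("." + signer)


def check_alignment(raw):
    """Compare the From: domain with every DKIM signing domain."""
    msg = email.message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = signing_domains(msg)
    return {
        "author_domain": author,
        "signing_domains": signers,
        "aligned": any(is_aligned(author, s) for s in signers),
    }


if __name__ == "__main__":
    print(check_alignment(SAMPLE))
```
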
