|
All Archives /
aussie-isp /
2006-04
|
<<< Date >>> | |
| Permanent Link | ||
|
Date: Wed, 19 Apr 2006 13:37:30 +1000
From: Sean Winn To: Craig Sanders, aussie-isp Cc: aussie-isp Message-Id: <000301c66362$96bc5e70$2522630a@t22> In-Reply-To: <20060418224557.GA12751@taz.net.au> Subject: RE: [Oz-ISP] SPF Records |
Followups: <20060419051843.GA12158@taz.net.au> |
|
m a j o r d o m o - o w n e r @ k o a l a . a u s s i e . n e t wrote: > On Tue, Apr 18, 2006 at 08:03:14PM +1000, Sean Winn wrote: >> Value of SPF? Very little except for being feel-good about forged >> email. Spammers can use SPF as well, with throw-away domains, and >> probably do. > > that's not surprising because *SPF IS NOT AN ANTI-SPAM TOOL*. Overall, we're in agreement but this is an inaccuracy. Its avowed purpose is an anti-spam tool, by removing the ability to be from a forged envelope (ref: www.openspf.org .) No one has ever claimed it to be a complete spam blocker, but it does attempt to provide a layer of trust. The lack of value comes from the layer of trust being effectively worthless, both as it applies to spam (validating a domain doesn't buy you much until domains get some trust), and for forgery in general based on the current implementations (very few large sites publish restrictive SPF records.) The former won't change readily, the latter may. I'm not holding my breath for either. I'm as guilty as anyone else of using '?all' where I can't be sure everyone's sending through my server. ---- email "unsubscribe aussie-isp" to m a j o r d o m o @ a u s s i e . n e t to be removed. |
|