| Jeff McAdams on 22 Mar 2004 13:26:02 -0000 |
|
Walt Mankowski wrote: > SPF isn't designed to look at accounts, only domains. You're sending > the mail from a comcast.com IP address, so Comcast just has to say > that it's OK for that address to say that it's @comcast.com. > So if you're at your parents's place you can relay through comcast or > iglou. Either way your envelope sender should be set to the proper > domain, and the receiving SMTP servers should be happy. So SPF basically accomplishes nothing. I can put whatever I want @comcast.com (its actually insightbb.com at my parents house, fwiw, but we can continue using comcast for example purposes). It just makes the domain part match the mail server, which is next to useless. > No. The whole point is that spammers can't lie about which domains > they're sending their mail from. And that happens in the envelope, > not the From: address. So what? The envelope isn't seen by the end user and isn't used in most spam filtering solutions, all that has to be done is stick an @domain, whichever domain, on the end of whatever envelope you want to use and away you go. I'm still not clear what practical benefit SPF brings. So it ensures that the envelope from comes from an authorized SMTP servers. I just don't see that being much of a help, and I see numerous drawbacks (particularly where SMTP AUTH isn't available). If I can drop my laptop on my parents cable connection and just change the envelope from domain to insightbb.com or whatever and get my mail through, then what benefit does SPF really provide? I just don't see any. -- Jeff McAdams "He who laughs last, thinks slowest." -- anonymous Attachment:
signature.asc
|
|