Jeff McAdams on 22 Mar 2004 13:26:02 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Re: SPF


Walt Mankowski wrote:
> SPF isn't designed to look at accounts, only domains.  You're sending
> the mail from a comcast.com IP address, so Comcast just has to say
> that it's OK for that address to say that it's @comcast.com.

> So if you're at your parents's place you can relay through comcast or
> iglou.  Either way your envelope sender should be set to the proper
> domain, and the receiving SMTP servers should be happy.

So SPF basically accomplishes nothing.  I can put whatever I want
@comcast.com (its actually insightbb.com at my parents house, fwiw, but
we can continue using comcast for example purposes).  It just makes the
domain part match the mail server, which is next to useless.

> No.  The whole point is that spammers can't lie about which domains
> they're sending their mail from.  And that happens in the envelope,
> not the From: address.

So what?  The envelope isn't seen by the end user and isn't used in most
spam filtering solutions, all that has to be done is stick an @domain,
whichever domain, on the end of whatever envelope you want to use and
away you go.

I'm still not clear what practical benefit SPF brings.  So it ensures
that the envelope from comes from an authorized SMTP servers.  I just
don't see that being much of a help, and I see numerous drawbacks
(particularly where SMTP AUTH isn't available).

If I can drop my laptop on my parents cable connection and just change
the envelope from domain to insightbb.com or whatever and get my mail
through, then what benefit does SPF really provide?  I just don't see any.
-- 
Jeff McAdams
"He who laughs last, thinks slowest." -- anonymous

Attachment: signature.asc
Description: OpenPGP digital signature