Eugene Smiley on 23 Mar 2004 16:35:02 -0000 |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephen Gran wrote: > It's not that SPF does nothing, it's just that there are already > things that do these kinds of things without breaking things in the > way. Exim4 supports 'verify = sender/callout', which checks that > both the domain has an MX record, and that that domain accepts mail > for that user. that eliminates stuck messages in the queue. You > can already reject mail based on mismatched/forged helo strings > trivially in many MTA's, just by doing a DNS lookup. True, but you don't get the detail that you can get by allowing a domain owner to publish an SPF record to specify the EXACT server(s) allowed to send mail. Also from the article[1]:" "Why Do People Use SPF?" "Big domains, including ISPs, banks and well-known brands care about controlling their trademarks. They have an obligation to protect their names. Altavista.com publishes an SPF record as do AOL and Oxford. More domains get on the bandwagon every day. Smaller domains publish SPFs simply because they don't want to be joe-jobbed." "On the receiving end, ISPs upgrade their MTAs and turn on SPF simply because it means less forgeryless spam, worms and viruses. Their bandwidth costs go down, too, because SPF lets them cut off the spammer before data is transmitted. They don't have to perform any cryptography or verify any signatures. SPF saves money." > This doesn't stop someone from helo'ing as > 'client.spammer.adsl.com', and setting a mail from: as joe@aol.com, > but it's moving in the right direction, without breaking so many > other things. The largeish ISP I do some backend work for rejects > about 3 times as much mail as gets through right now, with just > these kinds of checks in place. Admittedly, more spam than I would > like is still getting through, but we're getting there. See above... [1] http://www.linuxjournal.com/article.php?sid=7327 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-nr2 (Windows XP) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAYGax6QPtAqft/S8RAiPHAKDIXhQtVSw86NadRWeuw7bOl2aywwCbBB+f hxwWmA8f5alEJq3t/6krRqM= =NZAX -----END PGP SIGNATURE----- ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|