Eugene Smiley on 23 Mar 2004 16:35:02 -0000



Re: [PLUG] Re: SPF


Stephen Gran wrote:
> It's not that SPF does nothing, it's just that there are already
> things that do these kinds of things without breaking things in the
> way.  Exim4 supports 'verify = sender/callout', which checks that
> both the domain has an MX record, and that that domain accepts mail
> for that user.  That eliminates stuck messages in the queue.  You
> can already reject mail based on mismatched/forged helo strings
> trivially in many MTAs, just by doing a DNS lookup.

True, but you don't get the detail that you can get by allowing a
domain owner to publish an SPF record to specify the EXACT server(s)
allowed to send mail. Also from the article[1]:

"Why Do People Use SPF?"

"Big domains, including ISPs, banks and well-known brands care about
controlling their trademarks. They have an obligation to protect their
names. Altavista.com publishes an SPF record as do AOL and Oxford.
More domains get on the bandwagon every day. Smaller domains publish
SPFs simply because they don't want to be joe-jobbed."

"On the receiving end, ISPs upgrade their MTAs and turn on SPF simply
because it means less forgery, less spam, worms and viruses. Their
bandwidth costs go down, too, because SPF lets them cut off the
spammer before data is transmitted. They don't have to perform any
cryptography or verify any signatures. SPF saves money."

> This doesn't stop someone from helo'ing as
> 'client.spammer.adsl.com', and setting a mail from: as joe@aol.com,
> but it's moving in the right direction, without breaking so many
> other things.  The largeish ISP I do some backend work for rejects
> about 3 times as much mail as gets through right now, with just
> these kinds of checks in place.  Admittedly, more spam than I would
> like is still getting through, but we're getting there.

See above...

[1] http://www.linuxjournal.com/article.php?sid=7327


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug