Eugene Smiley on 30 Aug 2005 23:34:05 -0000 |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 George A. Theall wrote: > On Tue, Aug 30, 2005 at 11:40:02AM -0400, gyoza@comcast.net wrote: > >>All SPF would do is ensure that the spam is >>sent from an approved server! > > Exactly. And thus, getting back to my original message, the notion > of using SPF for whitelisting addresses is foolish if that's what > AOL and Earthlink are truly doing. <I don't recall details of how AOL uses their whitelist, but it's been disussed in general terms on the SPF mailinglist (which I've been off of for6 months or so) http://postmaster.aol.com/tools/dynamic_guidelines.html.> How would a whitelist be of any use if you weren't sure that the MAIL FROM hasn't been faked? I could get around the whitelist by finding a message that gets through and then use that address in the MAIL FROM of all my outgoing spam to that service until it gets blocked and I start all over again. Mean while Aunt Sally is wondering why all these people are flaming her for spam she didn't send and asking you why. Hardly foolish. The best visual and written explanation can be found at: http://spf.pobox.com/2dimensions.html http://spf.pobox.com/for-mit-spam-conference.html It shows how SPF is simply one piece of an evolving puzzle. For AOL, Earthlink, Google, etc it makes sense to publish SPF to protect their Trademarks. It hurts their reputation when their domain name is forged. It makes sense for them to check SPF records because it's possible to reduce the load on their mail infrastructure. It's sound business either way. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQxTsyOkD7QKn7f0vEQJ+TACg+4FKs5WvYDcPl8kcZadS/OB6SooAnjaj KySDBFGOK0WEIkKjaKiiKNq+ =pHtC -----END PGP SIGNATURE----- ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|