Eugene Smiley on 30 Aug 2005 23:34:05 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Verizon blacklist?

Hash: SHA1

George A. Theall wrote:
> On Tue, Aug 30, 2005 at 11:40:02AM -0400, wrote:
>>All SPF would do is ensure that the spam is
>>sent from an approved server!
> Exactly.  And thus, getting back to my original message, the notion
> of using SPF for whitelisting addresses is foolish if that's what
> AOL and Earthlink are truly doing.

<I don't recall details of how AOL uses their whitelist, but it's
been disussed in general terms on the SPF mailinglist (which I've
been off of for6 months or so)>

How would a whitelist be of any use if you weren't sure that the MAIL
FROM hasn't been faked? I could get around the whitelist by finding a
message that gets through and then use that address in the MAIL FROM
of all my outgoing spam to that service until it gets blocked and I
start all over again. Mean while Aunt Sally is wondering why all
these people are flaming her for spam she didn't send and asking you

Hardly foolish.

The best visual and written explanation can be found at:

It shows how SPF is simply one piece of an evolving puzzle.

For AOL, Earthlink, Google, etc it makes sense to publish SPF to
protect their Trademarks. It hurts their reputation when their domain
name is forged. It makes sense for them to check SPF records because
it's possible to reduce the load on their mail infrastructure. It's
sound business either way.

Version: PGP 8.0.3

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --