[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: @debian.org email forwarding and SPF

On Thursday, May 20, 2004 8:35 AM, Andrew Pollock <apollock@debian.org>

> On Wed, May 19, 2004 at 10:35:00PM -0400, Eric Dorland wrote:
>> * Andrew Pollock (apollock@debian.org) wrote:
>>> I'm sure honey@d.o is not writing me these emails, and I certainly
>>> constitute it as spam, and I would have thought that SPF would have
>>> prevented this?
>> Indeed, it will. It won't prevent the virus from sending from a
>> non-SPF address, but the hope is many will adopt this.
> Again, by my definition of spam as including unsolicited crap,
> usually with a forged from address, SPF would stop it. Can the "SPF
> won't stop spam" proponents please rebutt?

It's not stopping the mail because it's spam - it's stopping the mail
because the sender address is provably false. What happens when the virus
starts sending mail claiming to be from <validuser>@debian.org? It sails
straight through the SPF check...

Given the amount of bounces hitting our company server from mail claiming to
be from valid local addresses, none of which would have been stopped if both
we and the other servers employed SPF, I think the ball is firmly back in
your court. :)

("SPF stops spam" is a roughly equivalent argument to "blocking executables
stops viruses" - it's both inaccurate and confusing cause and effect).


Reply to: