Re: @debian.org email forwarding and SPF
On Thursday, May 20, 2004 10:03 AM, Isaac To <email@example.com> wrote:
>>>>>> "Adam" == Adam D Barratt
>>>>>> <firstname.lastname@example.org> writes:
> Adam> It's not stopping the mail because it's spam - it's
> stopping the Adam> mail because the sender address is provably
> false. What happens Adam> when the virus starts sending mail
> claiming to be from Adam> <validuser>@debian.org? It sails
> straight through the SPF check...
> That's not the case. If the spam is not really sent from a computer
> that the SPF record of debian.org approves, no matter whether the
> user-id is valid the mail will not be delivered successfully.
Mea culpa. I obviously confused it with one of the other myriad sender
checking schemes. As such, I'll shut up now.
> Adam> ("SPF stops spam" is a roughly equivalent argument to
> "blocking Adam> executables stops viruses" - it's both inaccurate
> and confusing Adam> cause and effect).
> I think if all viruses are executables, then the statement "blocking
> executables stops viruses" is a correct statement; and if "most"
> viruses are executable the statement is not too wrong either.
Blocking executables stops viruses, but it also stops things that *aren't*
viruses. That was the point I was attempting (and possibly failing) to make.
Likewise, SPF also potentially blocks/breaks/prohibits things that aren't
spam (as you described much more eruditely in the paragraph I've snipped).