On Thu, May 20, 2004 at 05:35:07PM +1000, Andrew Pollock wrote: > > > I'm sure honey@d.o is not writing me these emails, and I certainly > > > constitute it as spam, and I would have thought that SPF would have > > > prevented this? > > > > Indeed, it will. It won't prevent the virus from sending from a > > non-SPF address, but the hope is many will adopt this. > > Again, by my definition of spam as including unsolicited crap, usually with > a forged from address, SPF would stop it. Can the "SPF won't stop spam" > proponents please rebutt? SPF won't stop spam. SPF will stop spam from being sent with forged, valid sender addresses from SPF-enabled domains. Spammers will respond by changing their code to use: - invalid sender addresses - valid sender addresses from domains without SPF enabled SPF can't stop spam because spammers can trivially evade its effects. You seem to be assuming that spammers are incapable of changing their behaviour to respond to things like this. Worms can do even worse. They can harvest outlook settings from the local box and use them to send SPF-authenticated spam or worms. This one has a sting in its tail; if people think that SPF would stop these worms, then it would increase the confidence that this mail was not a worm - with disasterous results. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
Attachment:
signature.asc
Description: Digital signature