[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: @debian.org email forwarding and SPF



On Thu, 20 May 2004 22:09, Andrew Suffield <asuffield@debian.org> wrote:
>  - valid sender addresses from domains without SPF enabled

If spammers do that then it will provide a significant incentive for adding 
SPF to all domains.  If spammers use a random selection of From: addresses 
then once we have domains covering half the Internet user-base with SPF 
entries in their DNS the number of messages pretending to be from any given 
non-SPF domain should be expected to double.

I use a moderate number of DNSBL services.  Of the spam that gets past my 
DNSBL's recently about half of it is bounces of spam that used one of my 
email addresses.  So if I didn't use SPF DNS entries and half the Internet 
did then I would expect to have a 50% increase of spam.  If 80% of the 
Internet used the SPF DNS entries then once the spammers caught up I would 
expect to see a 200% increase in spam if I didn't have them.

Even if I didn't like SPF I would be compelled to use it if more than 50% of 
the email addresses were protected by it once the spammers caught up.  As 50% 
of the email addresses are probably run by a couple of dozen companies that 
could easily happen in a short period of time (if it hasn't already).

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



Reply to: