On Fri, May 21, 2004 at 01:44:49AM +1000, Russell Coker wrote:
> On Fri, 21 May 2004 01:23, Andrew Suffield <asuffield@debian.org> wrote:
> > > This is partially correct, but not entirely.  If you receive a mail from
> > > a non-existent domain, you can very safely ignore the mail altogether. 
> > > So the first evasion scheme is not of any use.
> >
> > Tell that to the spammers. They certainly seem to think it's useful;
> > they've been doing it for years.
> As the number of mail servers that reject such mail increases, spammers will
> stop doing it.

You're forgetting rule 1: spammers are stupid.

It would be accurate to say that "as the number of servers that reject
such mail increases, there will exist spammers which send spam
differently". This is not very useful though.

> > > The second is somewhat useful for a
> > > certain period of time, until most sites enable SPF.
> >
> > Stop. SPF is not suitable for use on most sites. See this thread. Your
> > argument is predicated on this not being true.
> SPF is more difficult to implement on sites such as debian.org.  However such 
> sites are a very small minority of all email addresses.  If you count the 
> number of email accounts controlled by the 6-10 biggest US ISPs and the 20 
> biggest European ISPs then you would probably find that they count for about 
> half the Internet population.

"Half the population" doesn't matter. The quantity of spam forged from
a given domain is not related to the number of real users at that
domain. The fact that the majority of users fall into this category is
why SPF is a good idea - but it won't help stop spam, because the
majority of *domains* do not.

