Re: SPF (was: Re: Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C)

To: debian-devel@lists.debian.org
Subject: Re: SPF (was: Re: Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C)
From: erik@zoneedit.com (Erik Aronesty)
Date: 23 Jul 2004 11:33:33 -0700
Message-id: <[🔎] 3939595a.0407231033.3063ce14@posting.google.com>
References: <[🔎] 20040704214611.39525198CD6@nightcrawler> <[🔎] 1089024707.20634.5.camel@leom181.leom.ec-lyon.fr> <[🔎] 200407051315.55946@fortytwo.ch> <[🔎] 87llhymqid.fsf@sinken.local.csis.hku.hk> <[🔎] 3939595a.0407220943.6dc21107@posting.google.com> <[🔎] 87vfgfa5p0.fsf@sinken.local.csis.hku.hk>

Isaac To <iketo2@netscape.net> wrote in message news:<2kYrZ-u1-3@gated-at.bofh.it>...
> >>>>> "Erik" == Erik Aronesty <erik@zoneedit.com> writes:
> 
>     Erik> Spammers can use this loophole to get around SPF.  Thus SPF
>     Erik> is ...  well ... broken.
> 
> This complain to SRS is something new to me, and such knowledge will
> enhance our understanding on naysayers of SPF.  Care to take a look at
> 
> http://www.libsrs2.org/srs/srs.pdf

That pdf didn't work for me.  I read this instead. 
http://spf.pobox.com/srspng.html

I was thinking that a spammer could creates an envelope address with
"SRS0+hash=timestamp=aol.com=bob@throwawaydomain.com" and a From:
bob@aol.com with valid SPF info in throwawaydomain.com.

They, obviously, could do this.  Someone who sees that spam will,
likely, blame aol.com and not "throwawaydomain.com".  Just like
spammers use throwawar IP's to send mail, they will use throwaway
domains to masquerate as forwarding agents - just like they use
throwaway IP's now.

Does this tool justify the complexity and effort of implementing SPF?

Or should we be moving towards something like IM2000?

Reply to:

Follow-Ups:
- Re: SPF
  - From: Adam Majer <adamm@galacticasoftware.com>
- Re: SPF (was: Re: Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C)
  - From: Isaac To <iketo2@netscape.net>
- Re: SPF (was: Re: Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C)
  - From: Isaac To <iketo2@netscape.net>

References:
- Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C
  - From: Eric Dorland <eric@debian.org>
- Re: Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C
  - From: Josselin Mouette <joss@debian.org>
- SPF (was: Re: Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C)
  - From: Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch>
- Re: SPF (was: Re: Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C)
  - From: Isaac To <iketo2@netscape.net>
- Re: SPF (was: Re: Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C)
  - From: erik@zoneedit.com (Erik Aronesty)
- Re: SPF (was: Re: Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C)
  - From: Isaac To <iketo2@netscape.net>

Prev by Date: Re: Bug#261093: ITP: libspf -- official ANSI C sender policy framework (SPF) library
Next by Date: Re: proposed resolution to release-critical libtiff3g bugs
Previous by thread: Re: SPF (was: Re: Bug#257644: ITP: libspf2 -- Sender Policy Framework library, written in C)
Next by thread: Re: SPF
Index(es):
- Date
- Thread