On Fri, Nov 05, 2004 at 11:48:29AM -0200, Gustavo Franco wrote: > On Fri, 5 Nov 2004 16:38:20 +1100, Matthew Palmer <mpalmer@debian.org> wrote: > > That's a question you'll have to ask of Yahoo and the SPF people. My guess > > is that the pushers of these schemes want their thing adopted for whatever > > reason (corporate greed, personal gratification, whatever), but they know > > that random people don't care enough about e-mail forgery to really take it > > up. However, most everyone online seems to be pretty pissed off about spam, > > so saying "this stops spam" will get people interested in the scheme, and > > they're hoping that people kinda forget that the system was supposed to stop > > spam when people work out, definitively, that it doesn't actually do squat > > to stop spam. > > > > "this stops spam" ? It isn't what they're saying, please read: We've done this dance before. I don't get as far as the FAQ, because the misinformation starts right on the front page (http://spf.pobox.com, "What is SPF?", third paragraph): "SMTP receivers verify the envelope sender address against this information, and can distinguish legitimate mail from spam before any message data is transmitted." That is a big leap from "can verify if a message is being sent from a server which has been listed as being legitimate for the domain". Burying the real facts in the bowels of some FAQ doesn't stop the popular misconception being "this is an anti-spam solution". Find 10 people off the street who know what SPF is, ask them what SPF is for, and I reckon probably at least 8 of them will say "it's for stopping spam". They got that impression from somewhere, and I don't see the SPF guys madly running around trying to change that impression of their software. Last time this came up, someone posted an interview with one of the SPF authors, who was quite happy to let the interviewer prattle on about SPF being the FUSSP, without any correction. - Matt
Attachment:
signature.asc
Description: Digital signature