Re: debian.org e-mail address and SPF/SRS

On Fri, Nov 05, 2004 at 11:48:29AM -0200, Gustavo Franco wrote:
> On Fri, 5 Nov 2004 16:38:20 +1100, Matthew Palmer <mpalmer@debian.org> wrote: 
> > That's a question you'll have to ask of Yahoo and the SPF people.  My guess
> > is that the pushers of these schemes want their thing adopted for whatever
> > reason (corporate greed, personal gratification, whatever), but they know
> > that random people don't care enough about e-mail forgery to really take it
> > up.  However, most everyone online seems to be pretty pissed off about spam,
> > so saying "this stops spam" will get people interested in the scheme, and
> > they're hoping that people kinda forget that the system was supposed to stop
> > spam when people work out, definitively, that it doesn't actually do squat
> > to stop spam.
> > 
> "this stops spam" ? It isn't what they're saying, please read:

We've done this dance before.  I don't get as far as the FAQ, because the
misinformation starts right on the front page (http://spf.pobox.com, "What
is SPF?", third paragraph):

"SMTP receivers verify the envelope sender address against this information,
and can distinguish legitimate mail from spam before any message data is

That is a big leap from "can verify if a message is being sent from a
server which has been listed as being legitimate for the domain".  Burying
the real facts in the bowels of some FAQ doesn't stop the popular
misconception being "this is an anti-spam solution".

Find 10 people off the street who know what SPF is, ask them what SPF is
for, and I reckon probably at least 8 of them will say "it's for stopping
spam".  They got that impression from somewhere, and I don't see the SPF
guys madly running around trying to change that impression of their
software.  Last time this came up, someone posted an interview with one of
the SPF authors, who was quite happy to let the interviewer prattle on about
SPF being the FUSSP, without any correction.

- Matt
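
An added example, not part of the original message, illustrating the distinction drawn above: an SPF check answers only whether the connecting IP is listed for the envelope sender's domain. The records, domains and addresses are constructed, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (documentation ranges).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "bulk-sender.example": "v=spf1 ip4:198.51.100.7 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, envelope_sender, records=SPF_RECORDS):
    """Return the SPF result for the MAIL FROM domain and connecting IP."""
    domain = envelope_sender.rsplit("@", 1)[-1].lower()
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A mechanism without an explicit qualifier defaults to "+".
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # Mixed IPv4/IPv6 comparisons are simply False, never an error.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            raise ValueError(f"mechanism outside this example's scope: {term}")
    return "neutral"  # no mechanism matched and no "all" term present


# Constructed deliveries: (connecting IP, envelope sender, what the mail is).
DELIVERIES = [
    ("192.0.2.25", "user@example.org", "genuine mail from a listed server"),
    ("203.0.113.9", "user@example.org", "forged sender, unlisted server"),
    ("198.51.100.7", "offers@bulk-sender.example", "unsolicited bulk mail"),
    ("203.0.113.9", "someone@norecord.example", "domain with no SPF record"),
]

if __name__ == "__main__":
    for ip, sender, description in DELIVERIES:
        print(f"{check_spf(ip, sender):5}  {sender:28} {description}")
```

The forged message fails, but the bulk mailer using its own domain and listed server passes: the result describes authorization of the sending host, not the content of the message.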

