[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Which Spam Block List to use for a network?

On Wed, Jun 23, 2004 at 12:05:57PM -0300, Yves Junqueira wrote:
> SPF is a proposed standard.
> http://www.ietf.org/internet-drafts/draft-mengwong-spf-00.txt
> Even Microsoft seemed to drops its CallerID proposal in favor of SPF.
> Check spf.pobox.com
> 
> On Wed, 23 Jun 2004 11:45:40 +0200, Niccolo Rigacci <niccolo@rigacci.org> wrote:
> 
> > Please correct me if I'm wrong; I'm searching for RFCs which
> > propose effective ways to block spam and viruses.

SPF isn't a very effective tool for blocking spam or viruses.  it is a tool for
preventing some kinds of forgery.  it is useful where the owner of a domain can
strictly define which hosts are allowed to send mail claiming to be from their
domain.  it is not useful otherwise.  

this means it is very useful for, say, banks and other corporations to
prevent/limit phishing style scams.  it is also useful for small businesses and
home vanity domains.  it is not useful as a general anti-spam/anti-virus tool
because spammers and viruses can just forge addresses in any of the millions of
domains that don't have (and never will have) SPF records.

most ISPs (and mail service providers like yahoo and hotmail), for instance,
will never have SPF records in their DNS.  they may use SPF checking on their
own MX servers, but they won't have the records in their DNS.  their users have
legitimate needs to send mail using their address from any arbitrary location,
which is exactly what SPF works to prevent.

SPF is useful and a *part* of the solution for *some* of the problem.  it is
not a magic bullet.

craig



PS: (standard quote information file)

please learn to quote properly. your reply goes UNDERNEATH the quoted
material, not above it. this allows the quoted message to be read in
sequential order rather than reverse chronological order.

top-posting screws up the chronological order of the replies making it a
jarring chore to make sense of them - you have to scroll backwards and
forwards trying to match who said what to whom and when.

the longer a thread goes on, the worse it gets.

-- 
craig sanders <cas@taz.net.au>

The next time you vote, remember that "Regime change begins at home"
Reply to: