Re: Which Spam Block List to use for a network?
On Wednesday 23 June 2004 20:51, Craig Sanders wrote:
> On Wed, Jun 23, 2004 at 12:05:57PM -0300, Yves Junqueira wrote:
> > SPF is a proposed standard.
> > http://www.ietf.org/internet-drafts/draft-mengwong-spf-00.txt
> > Even Microsoft seemed to drops its CallerID proposal in favor of SPF.
> > Check spf.pobox.com
> SPF isn't a very effective tool for blocking spam or viruses. it is a
> tool for preventing some kinds of forgery. it is useful where the owner
> of a domain can strictly define which hosts are allowed to send mail
> claiming to be from their domain. it is not useful otherwise.
I sense an implication that this is some small percentage of total non-spam
email. Doesn't this cover a _huge_ percentage of valid email? Who does
this rule out other than power users with an MTA on a their laptop or
people using greeting card sites?
Also, according to Meng Weng's Linux Journal article, SPF makes provisions
for power users with their own MTA on dynamic IP's (even if Russel
doesn't ;). In addition, if you are a power user that uses forward
files, if you switch to remailing SPF will also work. These require using
advanced SPF: the "exists" and "include" mechanisms.
> most ISPs (and mail service providers like yahoo and hotmail), for
> instance, will never have SPF records in their DNS. they may use SPF
> checking on their own MX servers, but they won't have the records in
> their DNS. their users have legitimate needs to send mail using their
> address from any arbitrary location, which is exactly what SPF works to
Why do you say never? If it's good enough for aol and google, why not
hotmail and yahoo? According to spf.pobox.com, Microsoft has endorsed SPF
as a standard.