Re: Which Spam Block List to use for a network?

[Mark Bucciarelli <mark@easymailings.com>]

On Wednesday 23 June 2004 20:51, Craig Sanders wrote:
> On Wed, Jun 23, 2004 at 12:05:57PM -0300, Yves Junqueira wrote:
> > SPF is a proposed standard.
> > http://www.ietf.org/internet-drafts/draft-mengwong-spf-00.txt
> > Even Microsoft seemed to drops its CallerID proposal in favor of SPF.
> > Check spf.pobox.com

> SPF isn't a very effective tool for blocking spam or viruses.  it is a
> tool for preventing some kinds of forgery.  it is useful where the owner
> of a domain can strictly define which hosts are allowed to send mail
> claiming to be from their domain.  it is not useful otherwise.

I sense an implication that this is some small percentage of total non-spam 
email.  Doesn't this cover a _huge_ percentage of valid email?  Who does 
this rule out other than power users with an MTA on a their laptop or 
people using greeting card sites?

Also, according to Meng Weng's Linux Journal article, SPF makes provisions 
for power users with their own MTA on dynamic IP's (even if Russel 
doesn't  ;).  In addition, if you are a power user that uses forward 
files, if you switch to remailing SPF will also work.  These require using 
advanced SPF: the "exists" and "include" mechanisms.

> most ISPs (and mail service providers like yahoo and hotmail), for
> instance, will never have SPF records in their DNS.  they may use SPF
> checking on their own MX servers, but they won't have the records in
> their DNS.  their users have legitimate needs to send mail using their
> address from any arbitrary location, which is exactly what SPF works to
> prevent.

Why do you say never?  If it's good enough for aol and google, why not 
hotmail and yahoo?  According to spf.pobox.com, Microsoft has endorsed SPF 
as a standard.

Regards,

Mark