[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Which Spam Block List to use for a network?

On Thursday 24 June 2004 08:48, Leonardo Boselli wrote:
> On Thu, 24 Jun 2004, Mark Bucciarelli wrote:
> > > > I'm pretty sure this is incorrect.  SPF checks the MAIL-FROM:
> > > > header, not From:, so I think this case should work fine ...
> > >
> > > are you sure ? i never see such header !
> >
> > Yes.  See http://spf.pobox.com/faq.html
> that is mail from: not mail-from:
> how can i see it as a recipient ? I do not trust other systems for
> filtering !
> After all, there is no problem in giving a fake address as "mail from"
> so you on the end should test if the alleged from is conformat with the
> originatin host, and yopu are agin in teroble is someone send a message
> from another domain .

Somewhere along the mail trail, the spammer forged the MAIL FROM header and 
sent an email from a server not associated with the forged domain.  That's 
where SPF can work.  Once that email is accepted by the receiving server, 
the game is over.

For most cases, it doesn't cost anything to implement SPF now.  And if you 
do it, and tell two friends, and they tell two friends ...

There are only two significant problem that I know of with SPF:

(1) "traditional UNIX .forward files and /etc/aliases files" [1] don't 
change the return-path address in the envelop.

(2) greeting card sites and "e-mail me this news article" sites use your 
email address in the envelop as well as the From: header.

For (1), you can use remailing instead.  For (2), you have to ask the site 
to change their policy.  Newer sites may already work (for example, Orkut 
doesn't have this problem).

[1] Linux Journal, May 2004, p. 53



Reply to: