[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Which Spam Block List to use for a network?

On Thu, 24 Jun 2004 11:58, "Jason Lim" <maillist@jasonlim.com> wrote:
> > most ISPs (and mail service providers like yahoo and hotmail), for
> > instance, will never have SPF records in their DNS.  they may use SPF
> > checking on their own MX servers, but they won't have the records in their
> > DNS.  their users have legitimate needs to send mail using their address
> > from any arbitrary location, which is exactly what SPF works to prevent.

If someone wants to use a hotmail or yahoo email address when sending email to 
me then they will use hotmail/yahoo servers to send it.  My mail server will 
prevent them doing otherwise, and has been doing so since before SPF started 
becoming popular.

> This also applies to most hosting companies. If your ISP prevents outgoing
> SMTP (port 25) to other mail servers and you are forced to use your ISP's
> mail servers, then the "mail server" is not going to match that of your
> hosting account or domain name. Thus SPF fails again in this case.

You just have to enable the ISP's mail server in the SPF configuration.  That 
allows a customer of the same ISP to joe-job you, but sorting THAT out should 
not be so difficult.

> I feel SPF is not going to be implemented many placed not because people
> don't wont to reduce spam, but because SPF just won't work in many cases.
> In fact, depending on how you look at it, it doesn't reduce spam at ALL
> (phising is certainly bad, but that is a separate problem).

If it stops people from joe-jobbing me then that's enough reason to have it.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: