Re: spf record

[Craig Sanders <cas@taz.net.au>]

On Fri, Jan 20, 2006 at 10:01:06PM +0200, Juha-Matti Tapio wrote:
> > SPF is not a protection for your customer, see it as a protection
> > for you server, just like RBL checks: it's a low cpu filter that
> > help you to disconnect spammers BEFORE the spam is sent...
>
> SPF works only as long as spammers actually start to use it massively
> themselves (and I think I have read somewhere that many have already
> started to use it). If most servers start checking SPF, eventually all
> spammers will start to use valid SPF-configured envelope addresses.
> After that SPF does not help at all but merely becomes an extra burden
> on the DNS and mail servers (after all, it requires extra lookups from
> the net).

SPF will help a little if widely implemented because it will make it
difficult for spammers to forge the sender address. they will have to
use their own domains, which can be blacklisted.

like RBLs, it will help force them (and/or their ISP) to be accountable
for their spam.

> SPF does not effectively fight spam, but it tries to reduce
> backscatter which could be avoided by simple configuring servers
> so that they do not send unnecessary backscatter 

correct. SPF is not an anti-spam technology. it is anti-forgery.
that helps a little with the spam problem, but only as an incidental
side-effect.

> (Qmail is a major problem here).

qmail is always a major problem :)

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)