[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SPF (was: Re: PERSONAL xxxx - KTA)

On Sat, Jun 30, 2007 at 02:07:15PM -0400, Chris Wagner wrote:
> At 11:17 AM 6/30/2007 +0200, Matus UHLAR - fantomas wrote:
> >On 29.06.07 16:27, Michelle Konzack wrote:
> >> HOW do you want to force all ISP's worldwide to use SPF?
> >
> >hard to force but at leasr ptovide gooe toold what help to use it...
> Personally I think SPF is useless.  I get plenty of spam that is SPF pass
> and plenty of legit mail that is SPF fail.  

you misunderstand what SPF is for.  SPF is *NOT* an anti-spam system. it
is an anti-forgery system. SPF's *SOLE* purpose is for a domain owner to
decide which hosts are allowed to send mail claiming to be from their
domain. nothing more, nothing less.

complaining that SPF doesn't block spam is like complaining that
jelly doesn't cut through steel.

> If it can't give u a very high legitimacy check, it's not worth it.

it does give a reliable legitimacy check - only hosts listed by the
domain owner (or their authorised agent - e.g. sysadmin) are allowed to
send mail from that domain.

> IMHO the only way to accomplish what SPF attempts is to build a

s/SPF/i mistakenly believe SPF attempts/

> parallel mail system on the Internet that is 100% authentication based
> and then require everyone to shift over to it.  And then shut down the
> old system.

it'll never happen. and if anyone attempted it, it would be completely
undermined by the need to be backwards compatible with SMTP for at least
the first few years....thus giving no actual advantage, and no incentive
for anyone to go to the effort of switching to it.

and forcing everyone to shift to it.... you are joking, right?


craig sanders <cas@taz.net.au>

BOFH excuse #141:

disks spinning backwards - toggle the hemisphere jumper.

Reply to: