[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SPF (was: Re: PERSONAL xxxx - KTA)

> At 11:17 AM 6/30/2007 +0200, Matus UHLAR - fantomas wrote:
> >On 29.06.07 16:27, Michelle Konzack wrote:
> >> HOW do you want to force all ISP's worldwide to use SPF?
> >
> >hard to force but at leasr ptovide gooe toold what help to use it...

On 30.06.07 14:07, Chris Wagner wrote:
> Personally I think SPF is useless.  I get plenty of spam that is SPF pass
> and plenty of legit mail that is SPF fail.  If it can't give u a very high
> legitimacy check, it's not worth it.

This is very popular misunderstanding of SPF principle. SPF is designed to
decrease forgeries, not spam. The fact that spam oftains forged address and
thus reducing forgeries would reduce spam, is a nice side-effect.

We may compare the SPF check to the senders domain validation. If the
sender's domain does not exist, most of MTA's will refure the mail because
it's invalid/forged/spam. If it DOES exist, we do not know anything more so
we can't tell if it is spam or not.

With SPF, if the check (hardly!)fails, we know that it is a forgery (or
misconfiguration) and we may refuse the mail. If it does not, we do not know
if it's a forgery.

> IMHO the only way to accomplish what SPF attempts is to build a parallel
> mail system on the Internet that is 100% authentication based and then
> require everyone to shift over to it.  And then shut down the old system.

Hehe :-)

You Might Be An Anti-Spam Kook If...
    The FUSSP involves replacing SMTP.

(FUSSP = Final Ultimate Solution to the Spam Problem)
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.

Reply to: