[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unusual spam recently - hummm - postprocess

Quoting Michael Stone (mstone@debian.org):

> Well, it is vaporware. Until it's used by a noticable percentage of
> hosts, it's irrelevant.

(1) Where I come from, the term "vapourware" means software touted far
in advance of its availability.  As noted, such is most emphatically not
the case, here.  However, moving on:

(2) A relevant index for usefulness wouldn't be the percentage of
_hosts_, but rather the percentage of _mail_ for which it's useful.
This distinction is important:

The utility of SPF lies in its ability to eliminate joe-jobbing,
providing a means to validate MXes -- and, as I'm reasonably sure you'll
have observed, forged mail's envelopes strongly tend to forge the
domains of major (very large) mail-handling sites.  Those sites happen
to have been among the earliest adopters of SPF RRs in their DNS,
largely because they are particularly motivated to protect their
trademarks and their names.

So, adding handling for SPF RRs in one's MTA yields significant
advantages today, despite the technology being new, because _all_ of the 
forgemail claiming to be from aol.com, msn.com, hotmail.com, pobox.com,
etc. can be detected all in one step.

And that's a whole lot of spam, right there.

Reply to: