[ILUG] Reminder: Please Respond to S.'s Invitation
paul at clubi.ie
Thu Jan 15 02:52:35 GMT 2009
On Wed, 14 Jan 2009, Paschal Nee wrote:
> v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20
> ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20
> ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all
Why do you think spammers are unable to set up valid SPF records?
Spammers were the leading *ADOPTERS* of SPF (note that this article
is from 2004):
http://www.techworld.com/security/news/index.cfm?newsid=2154
I'm just amazed there are *still* people touting SPF as being an
effective anti-spam solution...
It might have some amount of value as an attestation device ("this
mail seems like it came from a valid example.com mail server") - but
that still doesn't seem very useful (ok, great - but is it really
from joe at example.com though?). However, I don't know of any MUAs that
allow the user to easily see whether a mail passed SPF (and it'd need
MTA co-operation to do this reliably, I suspect)..
If that kind of thing matters, one really ought to be encouraging
digital signatures (preferably based on a PKI where certification is
in the hands of the people, like PGP), rather than SPF.
SPF was a weak, very short-term hack when it was first conceived, and
it's now way past its expiry date.
2004 is calling and wants this argument back..
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
The more crap you put up with, the more crap you are going to get.
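An added example, not part of the original message: a minimal evaluator for the `ip4`/`ip6`/`all` mechanisms, run over the record quoted above, showing that an SPF result only says whether the connecting IP is one the domain owner listed. The name `check_spf`, the second record and the client IPs are constructed for illustration; mechanisms that need DNS lookups (`a`, `mx`, `include`, `redirect=`) are out of scope.

```python
import ipaddress

# Record quoted in the message above, joined onto one line.
RECORD = ("v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 "
          "ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 "
          "ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all")

# Constructed record: what any domain owner at all can publish for their own range.
OTHER_RECORD = "v=spf1 ip4:198.51.100.0/24 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip):
    """Evaluate mechanisms left to right; the first match decides the result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                    # matches every client
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise NotImplementedError(f"mechanism needs DNS: {term}")
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"               # malformed network in the record
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched and no "all" term


if __name__ == "__main__":
    # Constructed client addresses (documentation ranges except the first).
    for rec, ip in [(RECORD, "209.85.128.10"), (RECORD, "192.0.2.25"),
                    (OTHER_RECORD, "198.51.100.7"), (OTHER_RECORD, "192.0.2.25")]:
        print(f"{ip:15} {check_spf(rec, ip)}")
```

With `?all`, mail from an unlisted address evaluates to `neutral` rather than `fail`, and the constructed second record yields `pass` for its own range, so the result is an authorization check on the sending host and carries no information about the sender's reputation.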