[185557] in North American Network Operators' Group
Re: Uptick in spam
daemon@ATHENA.MIT.EDU (Peter Beckman)
Tue Oct 27 13:00:29 2015
X-Original-To: nanog@nanog.org
Date: Tue, 27 Oct 2015 13:00:24 -0400
From: Peter Beckman <beckman@angryox.com>
To: Rich Kulawiec <rsk@gsp.org>
In-Reply-To: <20151027145333.GA3134@gsp.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Tue, 27 Oct 2015, Rich Kulawiec wrote:
> It would be nice if it did; it would be nice if the fatuous claim
> made at SPF's introduction ("Spam as a technical problem is solved
> by SPF") were true. But it's not. It's worthless.
I disagree. Since implementing SPF, there have been no joe-jobs on my
accounts, and attempting to pretend to be me via email is difficult where
SPF is implemented.
I never read or understood that SPF was created to solve the spam problem.
It was to give owners of domains a way to say "If you got an email from us
from these IPs/hosts, then it is probably from us."
It gave domain owners a standardized programmatic way to say to email
recipients when to accept or reject email from their domains.
SPF is not worthless.
However, SPF IS worthless at preventing spam.
And while SPF *could* have been implemented by the owner of the
email/domain that sent all of the spam to the NANOG list and *if* the mail
server for NANOG respected SPF then the emails would have been dropped, it
seems one or both is not the case.
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman@angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
