[73876] in North American Network Operators' Group
Re: Spammers Skirt IP Authentication Attempts
daemon@ATHENA.MIT.EDU (Paul Jakma)
Tue Sep 7 06:34:14 2004
Date: Tue, 7 Sep 2004 11:32:11 +0100 (IST)
From: Paul Jakma <paul@clubi.ie>
To: "Tom (UnitedLayer)" <tom@unitedlayer.com>
Cc: "Edward B. Dreger" <eddy+public+spam@noc.everquick.net>,
nanog@merit.edu
In-Reply-To: <20040906114643.K36966-100000@smtp.unitedlayer.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 6 Sep 2004, Tom (UnitedLayer) wrote:
> I think SPF is an important step in getting rid of people
> pretending to be someone else. If you have SPF records, and they
> match the mail, chances are you are who you say you are.
Not really. For that you need X.509 or PGP and web-of-trust.
Also, SPF doesnt tell you whether it is spam. Indeed, apparently
majority of SPF-valid email at moment is spam!
> Finding out who you are behind domain records/etc, thats a
> different story...
SPF is worthless.
Joe-job protection can be done in far better ways, eg SRS.
regards,
--
Paul Jakma paul@clubi.ie paul@jakma.org Key ID: 64A2FF6A
Fortune:
Zombie processes haunting the computer
