[73913] in North American Network Operators' Group
Re: Spammers Skirt IP Authentication Attempts
daemon@ATHENA.MIT.EDU (Paul Jakma)
Wed Sep 8 06:55:26 2004
Date: Wed, 8 Sep 2004 11:54:32 +0100 (IST)
From: Paul Jakma <paul@clubi.ie>
To: David Cantrell <david@cantrell.org.uk>
Cc: nanog@merit.edu
In-Reply-To: <20040908093107.GA5486@bytemark.barnyard.co.uk>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 8 Sep 2004, David Cantrell wrote:
> You forget, SPF doesn't just tell you who is authorised to speak on
> behalf of foobar.com, it also tells you who is *not* authorised.
That is sort of implied, yes.
> If you get mail coming in from - eg - randomgibberish.comcast.net
> claiming to be from foobar.com, then you know that it's dodgy
> unless foobar.com's SPF record says that that cable modem address
> is authorised.
Except that, SPF records are as easy to setup for a spammer, as for
you and I. If the above is a spammer, then SPF for foobar.com will
list randomgibberish.comcast.net as an authorised sender.
SPF will absolutely not have any effect on spam.
And I say this merely as a disciple of Vixie - he thought of a form
of SPF /years/ ago, and he knew /years/ ago it wouldnt do anything
for Spam. The only difference between Vixie's MAIL-FROM MX records
and SPF is the snake-oil: Vixie was honest in his claims for what it
could do, the hype around SPF is not.
regards,
--
Paul Jakma paul@clubi.ie paul@jakma.org Key ID: 64A2FF6A
Fortune:
Reformatting Page. Wait...
