[73918] in North American Network Operators' Group
Re: Spammers Skirt IP Authentication Attempts
daemon@ATHENA.MIT.EDU (vijay gill)
Wed Sep 8 07:44:05 2004
Date: Wed, 8 Sep 2004 11:41:32 +0000
From: vijay gill <vgill@vijaygill.com>
To: Paul Jakma <paul@clubi.ie>
Cc: David Cantrell <david@cantrell.org.uk>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.61.0409081213380.23011@fogarty.jakma.org>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, Sep 08, 2004 at 12:14:54PM +0100, Paul Jakma wrote:
> On Wed, 8 Sep 2004, vijay gill wrote:
>
> >But if instead of foobar.com, it is vix.com or citibank.com, then
> >their SPF records will not point at randomgibberish.comcast.net as
> >an authorized sender. That means that if I do get a mail purporting
> >to be from citi from randomgibberish, I can junk it without
> >hesitation.
>
> Yes, all we need for SPF to work is for spammers to play along and
> cooperate, and we'll be able to filter out the spam they send.
>
> Earth calling... ;)
I'm probably going into an argument with a net.kook but just to be sure,
let me clarify this: How do you think spammers will be able to subvert
citibank.com to have random.cablemodem.net as a permitted sender?
I've never believed spf was the ultimate solution, just that it allows me to
better filter some of the joe-bobs.
/vijay - falling yet again into another argument which is probably more
annoying than a thorned thong.
