[81751] in North American Network Operators' Group


Re: ISP phishing

daemon@ATHENA.MIT.EDU (Brad Knowles)
Wed Jun 29 02:56:47 2005

In-Reply-To: <Pine.LNX.4.63.0506290130460.23579@newpack.xtdnet.nl>
Date: Wed, 29 Jun 2005 01:47:52 -0500
To: Paul Wouters <paul@xtdnet.nl>
From: Brad Knowles <brad@stop.mail-abuse.org>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu


At 4:30 AM +0200 2005-06-29, Paul Wouters wrote:

>  It would have been better if he had just installed SPF, and published DNS
>  records for his own domain, and rejected them based on that. Then other
>  people receiving forged emails with his domain would also be able to just
>  drop those emails.

	I disagree.  Publishing SPF records of that nature would mean 
that any customers of his who may be roaming would be unable to send 
e-mail as themselves, and would create the known problems with 
forwarding.  Since you're unlikely to be getting any phishing 
attempts claiming to come from j-random-user@hisdomains.example.com, 
the publishing of SPF records in this instance would not do anything 
measurable to stop spam coming from his systems nor would it have any 
visible impact on phishing attempts from his systems.


	SPF is not a panacea.

	In fact, it is pretty much totally worthless, unless you are the 
sole owner of a given domain and you can guarantee that all mail you 
ever send will always be routed through the machines that you own and 
control, and you know that you don't ever forward e-mail for any of 
your other accounts.

	In that case, SPF can be useful to reduce the damage caused by 
joe-job attacks on you at your domain, but that's about it.

	And I think you're doing yourself and the entire community a 
grave disservice by painting SPF as the FUSSP.

-- 
Brad Knowles, <brad@stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.
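
Added example (not part of the original message): a simplified SPF evaluation in Python showing the cases discussed above, namely a roaming customer, a forwarder that keeps the envelope sender, and a message whose envelope sender is in another domain. The domains, addresses (documentation ranges) and the published policy are constructed, and the evaluator handles only the ip4/ip6 and all mechanisms.

```python
import ipaddress

# Constructed policy for a hypothetical ISP domain: only its own outbound
# relays (192.0.2.0/24) may send as the domain; everything else hard-fails.
SPF_RECORDS = {"isp.example": "v=spf1 ip4:192.0.2.0/24 -all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(client_ip, mail_from):
    """Evaluate the envelope sender's domain policy against the connecting IP.

    Simplified: supports only ip4/ip6 and all (no include, a, mx, redirect
    or macros), which is enough to show the failure modes.
    """
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published: SPF has nothing to say
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


# Constructed deliveries: (description, connecting IP, envelope sender)
SCENARIOS = [
    ("customer via ISP relay", "192.0.2.25", "alice@isp.example"),
    ("roaming customer via hotel relay", "198.51.100.7", "alice@isp.example"),
    ("forwarder, envelope sender unchanged", "203.0.113.9", "alice@isp.example"),
    ("envelope sender in another domain", "203.0.113.66", "billing@lookalike.example"),
]


def run():
    return {desc: check_host(ip, sender) for desc, ip, sender in SCENARIOS}


if __name__ == "__main__":
    for desc, result in run().items():
        print(f"{result:8} {desc}")
```

The two legitimate deliveries that do not originate from the ISP's relays get `fail`, while the message that uses a different envelope domain gets `none`, because the ISP's record is never consulted for it.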
