Educause Security Discussion mailing list archives

Re: Blacklists - URL and IP


From: Joe St Sauver <JOE () OREGON UOREGON EDU>
Date: Thu, 16 Jun 2005 13:57:10 -0700

Information Security <infosecurity () UTPA EDU> commented:

#That's a waste of time.  Spammers have more SPF records in place than
#legitimate senders.

SPF is not about reputation, it is designed to address the question "Did
this mail come from a source that the domain holder views as legitimate?"

Other tools will help you make judgements about reputation (including things
that give a thumbs down, like the SBL or the SURBL), and things that give a
thumbs up (like BondedSender).

#SPF only works in conjunction with a white list.  For example you might
#have a small list of companies such as ebay, yahoo, etc, and reject
#mail from those domains which don't match their SPF records.  However
#you cannot make any conclusions at all about a domain who
#you do not specifically know, based on the presence or absence of an SPF
#record.

SPF is not meant to function as a white list, nor does it require an
ancillary whitelist, and it doesn't "help" if the origin of the mail is
from an expected source. Where it *does* help is when the mail is from
an unexpected source.

#SPF is a big fat waste of time in my opinion.  Like most of these things
#sponsored by big corporations, they protect the so-called "legitimate
#mass mailers" more than they help reduce spam.

It is not designed to reduce spam. It is designed to give entities a way
to control mail sources for their domain.

If I'm citibank.com, and I don't originate mail from a coffee shop in
Malta, it is helpful if I can express that policy -- and sure enough,
citibank.com has:

% host -t txt citibank.com
citibank.com text "v=spf1 a:mail.citigroup.com ip4:192.193.195.0/24 ip4:192.193.210.0/24 ~all"

Regards,

Joe
