Educause Security Discussion mailing list archives
Re: Blacklists - URL and IP
From: Joe St Sauver <JOE () OREGON UOREGON EDU>
Date: Thu, 16 Jun 2005 13:57:10 -0700
Information Security <infosecurity () UTPA EDU> commented: #That's a waste of time. Spammers have more SPF records in place than #legitimate senders. SPF is not about reputation, it is designed to address the question "Did this mail come from a source that the domain holder views as legitimate?" Other tools will help you make judgements about reputation (including things that give thumbsdown, like the SBL or the SURBL), and things that give a thumbs up (like BondedSender). #SPF only works in conjunction with a white list. For example you might #have a small list of companies such as ebay, yahoo, etc, and reject #mail from those domains which don't match their SPF records. However #you cannot make any conclusions at all about a domain who #you do not specifically know, based on the presence or absence of an SPF #record. SPF is not meant to function as a white list, nor does it require an ancillary whitelist, and it doesn't "help" if the origin of the mail is from an expected source. Where it *does* help is when the mail is from an unexpected source. #SPF is a big fat waste of time in my opinion. Like most of these things #sponsored by big corporations, they protect the so-called "legitimate #mass mailers" more than they help reduce spam. It is not designed to reduce spam. It is designed to give entities a way to control mail sources for their domain. If I'm citibank.com, and I don't originate mail from a coffee shop in Malta, it is helpful if I can express that policy -- and sure enough, citibank.com has: % host -t txt citibank.com citibank.com text "v=spf1 a:mail.citigroup.com ip4:192.193.195.0/24 ip4:192.193.210.0/24 ~all" Regards, Joe
Current thread:
- Blacklists - URL and IP Dennis Meharchand, CEO Valt.x (Jun 16)
- <Possible follow-ups>
- Re: Blacklists - URL and IP Joe St Sauver (Jun 16)
- Re: Blacklists - URL and IP Bill Kyle (Jun 16)
- Re: Blacklists - URL and IP James Riden (Jun 16)
- Re: Blacklists - URL and IP Information Security (Jun 16)
- Re: Blacklists - URL and IP Joe St Sauver (Jun 16)
- Re: Blacklists - URL and IP Dave Koontz (Jun 16)
- Re: Blacklists - URL and IP Graham Toal (Jun 17)
- Re: Blacklists - URL and IP Dave Koontz (Jun 23)
- Re: Blacklists - URL and IP Valdis Kletnieks (Jun 23)