Educause Security Discussion mailing list archives
Re: Blacklists - URL and IP
From: Graham Toal <gtoal () UTPA EDU>
Date: Fri, 17 Jun 2005 08:27:15 -0500
Dave Koontz wrote:
These technologies are *NOT* designed to detect spam, nor should they be used to assign a postive value to email that pass the tests. What they do is simple, verify that the sender of an email is coming from where they claim they are. The rest is up to you and your spam filters.
Exactly! Most people forget that, and it's easy to see where the misunderstandings come from because even the author of SPF describes it badly on his site. (our used to, I haven't checked it recently) The problem that SPF solves is that it helps stop people spoofing your domain, as long as the recipient checks SPF. It doesn't stop spam because the spammers create valid SPF records for their own numerous domains, which they change regularly because they have some of the more dubious registrars in their pockets. If you sample your mail, you'll find that you receive more spams with SPF than you do real mails. Lack of an SPF record is no help either because if you bounce on that basis you've just rejected 95% of your legitimate mail. The main consequence of SPF is that spammers stop sending spam from known domains and start sending it from unknown domains. IMHO that's not much of a win.If you've totally bought in to the SPF hype, you need to read with an open mind some of the criticisms that have been posted, such as http://david.woodhou.se/why-not-spf.html and http://homepages.tesco.net/~J.deBoynePollard/FGA/smtp-spf-is-harmful.html SPF is a mildly useful tool, but for me just the breaking of forwarding alone (see the section on SRS in the first paper) is enough to make me nervous about implementing it anywhere other than on my homebox. G
Current thread:
- Blacklists - URL and IP Dennis Meharchand, CEO Valt.x (Jun 16)
- <Possible follow-ups>
- Re: Blacklists - URL and IP Joe St Sauver (Jun 16)
- Re: Blacklists - URL and IP Bill Kyle (Jun 16)
- Re: Blacklists - URL and IP James Riden (Jun 16)
- Re: Blacklists - URL and IP Information Security (Jun 16)
- Re: Blacklists - URL and IP Joe St Sauver (Jun 16)
- Re: Blacklists - URL and IP Dave Koontz (Jun 16)
- Re: Blacklists - URL and IP Graham Toal (Jun 17)
- Re: Blacklists - URL and IP Dave Koontz (Jun 23)
- Re: Blacklists - URL and IP Valdis Kletnieks (Jun 23)