Educause Security Discussion mailing list archives

Re: Blacklists - URL and IP


From: Graham Toal <gtoal () UTPA EDU>
Date: Fri, 17 Jun 2005 08:27:15 -0500

Dave Koontz wrote:

These technologies are *NOT* designed to detect spam, nor should they be
used to assign a positive value to email that passes the tests.  What they do
is simple: verify that the sender of an email is coming from where they
claim they are.  The rest is up to you and your spam filters.


Exactly!  Most people forget that, and it's easy to see where the
misunderstandings come from because even the author of SPF describes it
badly on his site.  (or used to, I haven't checked it recently)

The problem that SPF solves is that it helps stop people spoofing your
domain, as long as the recipient checks SPF.  It doesn't stop spam
because the spammers create valid SPF records for their own numerous
domains, which they change regularly because they have some of the more
dubious registrars in their pockets.  If you sample your mail, you'll
find that you receive more spams with SPF than you do real mails.  Lack
of an SPF record is no help either because if you bounce on that basis
you've just rejected 95% of your legitimate mail.  The main consequence
of SPF is that spammers stop sending spam from known domains and start
sending it from unknown domains.

IMHO that's not much of a win.  If you've totally bought in to the SPF
hype, you need to read with an open mind some of the criticisms that
have been posted, such as

http://david.woodhou.se/why-not-spf.html

and

http://homepages.tesco.net/~J.deBoynePollard/FGA/smtp-spf-is-harmful.html

SPF is a mildly useful tool, but for me just the breaking of forwarding
alone (see the section on SRS in the first paper) is enough to make me
nervous about implementing it anywhere other than on my homebox.

G
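
An added illustration, not part of the original post or thread: a simplified SPF evaluation over constructed records, reproducing the outcomes the message describes (a pass for mail from a spammer's own domain, "none" for a domain with no record, and a fail for forwarded mail that looks the same as a spoof). The domains, addresses and the `check_spf` helper are hypothetical, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed TXT records (example domains, documentation IP ranges).
SPF_RECORDS = {
    "university.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "throwaway-spam.example": "v=spf1 ip4:203.0.113.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from_domain, records=SPF_RECORDS):
    """Evaluate a simplified SPF subset: ip4, ip6 and all mechanisms only."""
    record = records.get(mail_from_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def scenarios():
    """Connecting IP and envelope-sender domain for each case in the message."""
    return {
        # The domain's own mail server: sender is where it claims to be.
        "legitimate": check_spf("192.0.2.25", "university.example"),
        # Third party forging the domain from an unlisted address.
        "spoofed": check_spf("198.51.100.7", "university.example"),
        # Spam sent from a domain whose SPF record the spammer controls.
        "spam_own_domain": check_spf("203.0.113.9", "throwaway-spam.example"),
        # Domain with no SPF record at all.
        "no_record": check_spf("192.0.2.25", "nospf.example"),
        # Real mail relayed by a forwarder that keeps the envelope sender.
        "forwarded": check_spf("198.51.100.50", "university.example"),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:16} {result}")
```
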
