North American Network Operators Group

Re: Spammers Skirt IP Authentication Attempts

  • From: Will Yardley
  • Date: Mon Sep 06 08:36:25 2004

On Mon, Sep 06, 2004 at 12:04:45PM +0000, Peter Corlett wrote:
> Henry Linneweh <[email protected]> wrote:

> > This is not a good beginning
> > http://www.eweek.com/article2/0,1759,1642848,00.asp
 
> I'm an advocate of SPF, but not because it's the magic bullet that
> stops spam. It does however allow innocent domains to say "no, I
> didn't send that" and thus avoid the double-bounced backwash from a
> spammer forging their domain as the sender.

It's also a step towards making domain-based whitelists / blacklists
more practical (and, as pointed out recently on spam-l, which might be a
more appropriate place for this discussion, makes more aggressive
filtering of non-whitelisted domains and domains without SPF records
more possible).

It should hopefully help with viruses that forge the sender-address and
should help reduce bouncebacks due to spam and viruses with forged
sender addresses. It can help make phishing scams more difficult to pull
off. It makes it easier for someone to say "this domain will NEVER send
any legitimate email traffic".

Will spammers register tons of new domains, setting up SPF for each?
Probably. Will they start spoofing other domains hosted by the same
provider? . Will they register "look-alike" domains? Will viruses get
smarter, and start sending themselves out via providers' SMTP servers?
Probably. But all of these cases are still an improvement over the
current situation, and help make life easier for existing email
filtering / processing tools.

I don't personally believe that "[s]pam as a technical problem is solved
by SPF"[1], but I do think it has the potential to reduce some existing
problems with email (some of which are related to spam). I'm cautiously
optimistic that it /may/ be a good thing.

Victor Duchovni made some interesting points about SPF on spam-l that
are worth checking out if you can access the archives.

Some excerpts (please edit attributions if you're quoting / replying to
this - I didn't write this):

 What everyone is forgetting is that the biggest proponents of SPF are
 large mailbox providers, and their real motivation is actually not so
 much deterring spam, but lowering the administrative cost of
 maintaining white-lists!
 
 White-listing IP addresses loses, because legitimate bulk mailers (and
 some not so legitimate ones, but that is not the point) who are
 whitelisted by the ISPs occasionally move their outbound relays to new
 address pools.  Also some providers host multiple sender domains, some
 that one wants to whitelist and some that one does not.

 [...]

 This does nothing to block spam, this merely decentralizes whitelist
 management. With more up-to-date (reliable?) whitelists, one can afford
 to spend more resources on aggressive filters of mail that is not
 white-listed, and not worry as much about false positives.

[1] http://www.interesting-people.org/archives/interesting-people/200401/msg00034.html

-- 
"Since when is skepticism un-American?
Dissent's not treason but they talk like it's the same..."
(Sleater-Kinney - "Combat Rock")
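
The whitelist point in the excerpt above, as an added example that is not part of the original message: the receiver keys its whitelist on the sender domain and lets that domain's published SPF record say which relays count. The domains, records, policy names and the reject-on-fail choice are constructed assumptions, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed sample data: SPF TXT records keyed by domain (a stand-in for DNS).
SPF_RECORDS = {
    "bulk.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all",
    "parked.example": "v=spf1 -all",  # "this domain will NEVER send mail"
    "soft.example": "v=spf1 ip4:203.0.113.0/24 ~all",
}
# Receiver-side whitelist of sender domains (not IP addresses).
DOMAIN_WHITELIST = {"bulk.example"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, client_ip, records=SPF_RECORDS):
    """Evaluate the ip4/ip6/all subset of SPF for the envelope sender domain."""
    terms = (records.get(domain) or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # A v4 address is never "in" a v6 network and vice versa.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism outside this example's subset
    return "neutral"  # no mechanism matched and no "all" term


def delivery_policy(domain, client_ip, records=SPF_RECORDS):
    """Combine the SPF result with the domain whitelist (assumed local policy)."""
    result = spf_result(domain, client_ip, records)
    if result == "fail":
        return "reject"  # the domain says it did not send this
    if result == "pass" and domain in DOMAIN_WHITELIST:
        return "skip-content-filter"  # whitelisted and authenticated
    return "aggressive-filter"  # everything else gets the strict filters
```

When the whitelisted sender moves its relays to a new address pool, only its own SPF record changes; the receiver's whitelist entry stays as it is.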