North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP phishing

  • From: Brad Knowles
  • Date: Wed Jun 29 02:57:24 2005

At 4:30 AM +0200 2005-06-29, Paul Wouters wrote:

 It would have been better if he had just installed SPF, and published DNS
 records for his own domain, and rejected them based on that. Then other
 people receiving forged emails with his domain would also be able to just
 drop those emails.
I disagree. Publishing SPF records of that nature would mean that any customers of his who may be roaming would be unable to send e-mail as themselves, and would create the known problems with forwarding. Since you're unlikely to be getting any phishing attempts claiming to come from [email protected], the publishing of SPF records in this instance would not do anything measurable to stop spam coming from his systems nor would it have any visible impact on phishing attempts from his systems.

SPF is not a panacea.

In fact, it is pretty much totally worthless, unless you are the sole owner of a given domain and you can guarantee that all mail you ever send will always be routed through the machines that you own and control, and you know that you don't ever forward e-mail for any of your other accounts.

In that case, SPF can be useful to reduce the damage caused by joe-job attacks on you at your domain, but that's about it.

And i think you're doing yourself and the entire community a grave disservice by painting SPF as the FUSSP.

Brad Knowles, <[email protected]>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755

SAGE member since 1995. See <> for more info.