SPF is NOT designed to prevent spam, that's a common misconception. SPF is designed to ensure user authenticity, which it does rather well. Does it prevent things like DNS spoofing to get around it? No, but as the DNS spoofing would need to occur at every mail server period for it to be effective, DSNS security is a small factor.
Think the mass amounts of spam you get from @hotmail.com, that aren't really from @hotmail.com. At bare minimum, I think SPF ought to be implimented one way or another, but let the end user decide how to handle such e-mails. ----- Original Message ----- From: "mike" <[EMAIL PROTECTED]> To: "Gerrit P. Haase" <[EMAIL PROTECTED]>; "DBMail mailinglist" <[email protected]> Sent: Thursday, October 07, 2004 10:11 PM Subject: [Dbmail] Anyone interested in SPF for their Postfix/DbMail Setup? > Gerrit P. Haase wrote: > > >Hallo Mike, > > > >Am Freitag, 8. Oktober 2004 um 03:16 schriebst du: > > > >>FYI: > >>>> Anyone interested in enabling SPF (plus MS CALLER-ID if desired) for > >>>> their Postfix MTA / DbMail system? > >>>> This is not intended as a recommendation but if you have considered > >>>> implementing the new SPF I have been running the Postfix SMTP policy > >>>> daemon with Postfix/DbMail with good result. > > >>>> Many other? What are these many others? It al ldoesn't work... > > Answer follows. I will only list a dozen but there are more. > > 1) Bonded Sender Program > http://www.bondedsender.com/ > > 2) Trusted Sender Program > http://www.trustedsender.com/ > http://www.pcmag.com/article2/0,1759,163856,00.asp > http://www.privacyassociation.org/docs/keonigppt.pdf > > 3) Sender ID Framework > http://www.microsoft.com/mscorp/twc/privacy/spam_senderid.mspx > > 4) Sender Policy Framework > http://spf.pobox.com/objections.html > > 5) Trusted-Class Email > http://www.goodmailsystems.com/ > > 6) Trusted Email - A Netherlands Solution > http://imsc-dmim.usc.edu/publications/TrustedEmail.pdf > http://imsc-dmim.usc.edu/publications/Trusted_Email-proof.pdf > > 7) Sender ID Solution > http://www.clickz.com/features/insight/article.php/3391481 > > 8) DomainKeys > https://www.sendmail.com/smi/news/pressrelease.jsp?eventOID=80351&localId=USA > > 9) Sender ID Phishing Solution > http://www.securesynergy.com/securitynews/newsitems/2004/aug-04/240804-05.htm > > 10) IM2000 > http://cr.yp.to/im2000.html > > 11) ASTA - The Anti-Spam Technical Alliance > http://docs.yahoo.com/docs/pr/pdf/asta_soi.pdf > > 12) Email AUthentication > http://www.clickz.com/news/article.php/3317481 > > Further reading ... > 14) Proposals Offer Small Steps to Stop Spam > http://itmanagement.earthweb.com/columns/executive_tech/print.php/3345291 > > > >>>> No, I believe SPF is harmful. See here for good introduction to the > >>>> mess: > >>>> > http://homepages.tesco.net/~J.deBoynePollard/FGA/smtp-spf-is-harmful.html > > "SPF is merely one component in a balanced anti-spam strategy. It may > help some; it may hurt others. SPF tries to break as few eggs as it can > by providing a range of conformance levels. Many people believe that SPF > is a strong solution because it helps many while hurting few." -- Meng > Weng Wong > > SPF Creator Meng Weng Wong answers Objections raised at > http://spf.pobox.com/objections.html > > > As I said, > > "This is not intended as a recommendation but if you have considered > implementing the new SPF I have been running the Postfix SMTP policy > daemon with Postfix/DbMail with good result." > > best... > Mike > > > > _______________________________________________ > Dbmail mailing list > [email protected] > https://mailman.fastxs.nl/mailman/listinfo/dbmail
