----- Original Message ----- From: "Matt" <[EMAIL PROTECTED]>
> I believe that SPF is almost all hype and hardly any value to speak of.

It's not hype - if you use it correctly it can provide some positive results. After all other spam filtering was done (Postfix, SpamAssassin, Razor, Pyzor, DCC, Bayes, AWL, Greylisting, SURBL, RBL/RHSBL, Declude, Sniffer, SpamCheck, Alligate, custom filters), on Friday I still blocked an additional 57 forged messages from being delivered by using SPF, and that was just for one small corporate e-mail domain (and no telling how many joe-jobs it prevented).

> It was originally intended to authenticate hosts, but spammers quickly
> caught on and started giving themselves SPF records (
> http://netscape.com.com/2100-1009_22-5357269.html?part=netscape&subj=technews&tag=mynetscape
> ). I believe that SPF Pass will soon be primarily spam hits and that
> study that I linked to said it was already 1/6 of all such results.

So this is good. If spammers use SPF, then I can much more easily block them because they now have to publish valid DNS records. Besides, I don't reward anyone for having SPF records, I only penalize them for sending e-mails that are forged (fail SPF).

> Then there is the issue where many domains might use forwarding, E-mail
> scripts, sites that use E-mail scripts, or any number of different
> servers, meaning that most are inappropriate for anything but an
> 'Unknown' record. Now some administrators will claim a modicum of
> usefulness to having the Unknown records, although I don't see it, and
> others appreciate those that do specify their source IP's, I don't see
> it and let me clearly state why. First off, it's not SPF that is
> scoring your E-mail, and even some administrators around here have
> suggested blocking on SPF Fail alone. So if I had a domain that had
> only one server to send from, but I used an E-mail script somewhere for
> an inquiry to a company that blocks on SPF Fail, I would be shooting
> myself in the foot. There are enough people out there misconfiguring
> their SPF records, and enough people out there that have too much
> confidence IMO in people setting up their own records to turn this from
> a minor benefit into a less accurate than desirable solution, and it
> will only get worse in time as the less aware start implementing them
> with a one-click solution to limit all E-mail just to one server as far
> as SPF goes. There are even administrators out there that have
> indicated that they would give SPF Unknown results a score.

Most of these issues are being worked out and resolved with things like SRS and sender authentication methods.

> Personally I refuse to implement SPF because I don't want to give less
> aware/experienced administrators another tool that they can use to
> potentially block my customer's legitimate E-mail. I am also somewhat
> surprised that so many people are waving the banner of SPF. The only
> reason IMO to support SPF is to hope that with the support, it turns
> into something worthwhile down the road after significant modification.

Usage or not is your prerogative. But dissuading others from using SPF based on incomplete or inaccurate data is a disservice.

> Seems to me that pushing SPF currently is done more to say that you do
> it rather than for what SPF does, a.k.a. a buzzword.

Maybe for some, but it does help in blocking incoming forgeries and also prevents spammers from using your domains as the sender address (joe-job) on their spam runs, if you use it correctly.

Bill
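Added example, not part of the original thread: a simplified SPF evaluator in Python showing the scoring policy argued for in the reply (penalize a fail, give no credit for a pass, so a spammer's own valid record earns nothing). The domains, addresses and weights are constructed assumptions; records are embedded instead of fetched from DNS, and only the ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

# Constructed sample records (documentation domains and address ranges).
RECORDS = {
    "corp.example": "v=spf1 ip4:192.0.2.0/24 -all",       # strict: one outbound range
    "mixed.example": "v=spf1 ip4:198.51.100.10 ?all",     # owner unsure of all sources
    "spammer.example": "v=spf1 ip4:203.0.113.0/24 -all",  # spammer with a valid record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, records=RECORDS):
    """Evaluate ip4/ip6/all mechanisms only; any other term is skipped."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


# Hypothetical weights: only a forged sender is penalised; pass earns no credit.
SCORES = {"fail": 5.0, "softfail": 1.0}


def spf_score(domain, client_ip):
    """Spam-score contribution of the SPF result for this sender and client IP."""
    return SCORES.get(check_spf(domain, client_ip), 0.0)
```

A message relayed by a forwarder that keeps the original envelope sender evaluates exactly like the forged case here, which is the forwarding concern raised in the quoted text and the problem SRS is meant to address.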
