Considering the number of "ancient" viruses we're still blocking at our email gateway, I think you guys are being a bit too clever for your own good :-)
Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Chris Scharff > Sent: 10 September 2004 15:42 > To: Exchange Discussions > Subject: RE: SPF Warning > > Or the virus writers could do a simple DNS lookup and choose > one of the millions of domains that doesn't have an SPF record. > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:bounce- > > [EMAIL PROTECTED] On Behalf Of Robert > Moir Posted > > At: Friday, September 10, 2004 6:39 AM Posted To: swynk > > Conversation: SPF Warning > > Subject: RE: SPF Warning > > > > Except that virus authors are just as smart as the rest of > us and will > > adapt. > > > > How would SPF, for example, catch a made up email address > from a worm > > which not only routed via the correct SMTP server for the machine it > was > > running on, but also used the correct domain and simply forged the > user > > mailbox portion of the address. > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On > Behalf Of > > > Randal, Phil > > > Sent: 10 September 2004 10:12 > > > To: Exchange Discussions > > > Subject: RE: SPF Warning > > > > > > Most Windows viruses use spoofed "From:" addresses, so SPF could > > > help to block outbreaks at the earliest possible time too. > > > > > > Phil > > > > > > ---- > > > Phil Randal > > > Network Engineer > > > Herefordshire Council > > > Hereford, UK > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED] > On Behalf Of > > > > Kennedy, Jim > > > > Sent: 09 September 2004 13:17 > > > > To: Exchange Discussions > > > > Subject: RE: SPF Warning > > > > > > > > > > > > Actually, that is all it does. Spoofeddomain.com has a list of > > > > permitted sending domains set up by the owner of that > domain. If > > > > spammy spoofs the from domain and uses an trojaned > Comcast cable > > > > customer's machine to send with your email server sees that the > > > > Comcast machine is not on the list of permitted froms > and rejects. > > > > > > > > It does not prevent spam, it takes away one of the tools > > > that spammers > > > > use to send spam and makes it a bit harder for them to do > > > it. That is > > > > good, but it is not a complete solution. > > > > > > > > -----Original Message----- > > > > From: On Behalf Of Durkee, Peter > > > > > > > > > > > > My understanding is that it doesn't prevent spoofing of > the From > > > > address, though it would be really nice if I'm wrong about this. > > > > > > > > -Peter > > > > > > > > > > > > > > > > > > > > > > > > > _________________________________________________________________ > > > > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > > > > Web Interface: > > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > > > ext_mode=&lang=english > > > > To unsubscribe send a blank email to %%email.unsub%% > > > > Exchange List admin: [EMAIL PROTECTED] > > > > To unsubscribe via postal mail, please contact us at: > > > > Jupitermedia Corp. > > > > Attn: Discussion List Management > > > > 475 Park Avenue South > > > > New York, NY 10016 > > > > > > > > Please include the email address which you have been contacted > with. > > > > > > > > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > > ext_mode=&lang=english > > > To unsubscribe send a blank email to %%email.unsub%% > > > Exchange List admin: [EMAIL PROTECTED] > > > To unsubscribe via postal mail, please contact us at: > > > Jupitermedia Corp. > > > Attn: Discussion List Management > > > 475 Park Avenue South > > > New York, NY 10016 > > > > > > Please include the email address which you have been > contacted with. > > > > > > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: http://intm-dl.sparklist.com/cgi- > > bin/lyris.pl?enter=exchange&text_mode=&lang=english > > To unsubscribe send a blank email to [EMAIL PROTECTED] > > dl.sparklist.com > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english > To unsubscribe send a blank email to > %%email.unsub%% > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
