Experience has shown us that the users mostly affected by spam/spoof/joejob/phishing/etc either do NOT care where the mails come from, or they don't have the technical expertise to understand that "mybank.com" is not the same as "myb4nk.com".
Along that line, an astute spammer registers myb4nk.com for $6 at GoDaddy (for example), properly publishes the required SPF and blasts some millions of body-enlargement emails away. Now, mind you, the spammer will wildcard the SPF such that when your SPF-dependent MTA gets the emails and examines the published SPF info, your server is obliged to accept the mails because the spammer had indicated that any email purporting to come from myb4nk.com can be sent by anyone :) Sweet.

Let's look at it from another commonly used tactic - Trojan-infected zombies. Your corporate users, sitting inside your network, can help the spammer in one of 2 ways. Your user has been trojanized and is ready to accept instructions to send out SPAM. The astute/creative Trojan writer has written the malware to determine the user's domain name, look up the MX and then appropriately craft the SPAM mail to use the user's mail client to send out the SPAM. There is nothing in SPF to stop this. In another way, the malware can just be written to send out the mail with @myb4nk.com as the FROM address, even though it was sent from inside your network. The receiving server will now ask the DNS server for myb4nk.com for the list of authorized SMTP servers for this domain. The DNS server will duly respond "anyone can do that, so don't worry". Again, according to SPF, this is enough for your server to receive the SPAMs.

Not only does SPF, Sender-ID, etc. not stop SPAM; the manufactured "urgency" and misinformation surrounding their introduction and implementation is, IMNSHO, very dangerous and alarming. I just had a well-known remailer trying to twist my arm to get me to implement SPF right now because, according to them, come October 10, AOL will stop receiving emails from any server that has not implemented SPF. Of course, when I asked for proof of such an AOL mandate, they couldn't give me anything.
When I pointed out that there has so far been no agreement as to the Standard and modalities for implementation of any of the competing versions and that the MARID has not made a final opinion on them, they sheepishly told me that it would be better "to have something in place anyway". I told them what to do with their body parts in a very non-politically-correct way.
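To make the post's two points concrete (a wildcard `+all` record makes any sending host pass, and SPF never compares "mybank" with "myb4nk"), here is an added example in Python that is not part of the original post: a minimal evaluator for the ip4/ip6/all mechanisms, plus the two receiver-side checks that SPF itself does not perform. The domains (`.example`), addresses (documentation ranges) and records are constructed for the example.

```python
import ipaddress

# Constructed sample SPF records (not real DNS data). A real receiver would
# fetch the TXT record of the envelope-from domain instead.
SPF_RECORDS = {
    "mybank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "myb4nk.example": "v=spf1 +all",  # "anyone may send for this domain"
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate_spf(record, sender_ip):
    """Evaluate ip4/ip6/all mechanisms for sender_ip; returns pass, fail,
    softfail, neutral, or none. (a/mx/include need DNS and are left out.)"""
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term

def is_permissive(record):
    """True when the record authorizes every host (+all, ?all, or no 'all'),
    so an SPF pass says nothing about who really sent the mail."""
    for term in record.split()[1:]:
        if term.lstrip("+-~?") == "all":
            return term == "all" or term[0] in "+?"
    return True

CONFUSABLES = str.maketrans("013457", "oleast")  # digit-for-letter swaps

def looks_like(domain, protected):
    """True if domain is a digit-for-letter lookalike of a protected domain
    (myb4nk -> mybank). SPF never makes this comparison; the receiver must."""
    return domain != protected and domain.translate(CONFUSABLES) == protected

def check_sender(domain, sender_ip, protected="mybank.example"):
    """SPF result plus the two checks SPF itself does not perform."""
    record = SPF_RECORDS.get(domain)
    spf = evaluate_spf(record, sender_ip)
    permissive = bool(record) and is_permissive(record)
    lookalike = looks_like(domain, protected)
    return {"spf": spf, "permissive": permissive, "lookalike": lookalike,
            "suspicious": permissive or lookalike}
```

With these records, mail from any address claiming `myb4nk.example` gets an SPF "pass", which is exactly why a pass on its own should never be treated as a trust signal.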
