AOL isn't going to stop accepting mail from non-SPF compliant domains. They're going to stop whitelisting certain partners unless they are SPF compliant. That's a huge difference.
That's probably going to end up being one of the biggest advantages of SPF. Whitelisting business partners just based on domain. Right now if I want to reliably white list [EMAIL PROTECTED] I'd have to match against IP address also. With SPF you can just rely on the partner to have their SPF records correct. What I don't get is everyone is saying SPF sucks because it isn't going to stop all spam. Well XP SP2 isn't going to stop all worms but it still has a lot of good anti-worm features to it. All SPF is going to do is make the From field somewhat legitimate. So at least we can say when it comes from @aol.com, or @microsoft.com, we know that those companies have authorized it at a basic level. What I don't understand is digital signatures does just that, except authenticates to the address instead of the domain (so it's n times better), so it seems like before we created SPF, we don't we just start forcing people to use digital signatures somehow. Steve Evans SDSU Foundation -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deji Sent: Saturday, September 11, 2004 11:54 AM To: Exchange Discussions Subject: RE: SPF Warning Experience has shown us that the users mostly affected by spam/spoof/joejob/phishing/etc either do NOT care where the mails come from, or they don't have the technical expertise to understand that "mybank.com" is not the same as "myb4nk.com". Along that line, an astute spammer registers myb4nk.com for $6 at Godaddy (for example), properly publishes the required SPF and blasts some millions of body-enlargement emails away. Now, mind you, the spammer will wildcard the SPF such that when your SPF-dependent MTA gets the emails and examines the published SPF info, your server is obliged to accept the mails because the spammer had indicated that any email purporting to come from myb4nk.com can be sent by anyone :) Sweet. Let's look at it from another commonly used tactic - Trojan-infected zombies. Your corporate users, sitting inside your network can help the spammer in one of 2 ways. Your user has been trojanized and ready to accept intructions to send out SPAM. The astute/creative Trojan writer has written the malware to determine the user's domain name, look up the MX and then appropriately craft the SPAM mail to use the user's mail client to send out the SPAM. There is nothing in SPF to stop this. In another way, the malware can just be written to send out the mail with @myb4nk.com as the FROM address, even though it was sent from inside your network. The receiving server will now as the DNS server for myb4nk.com for the list of authorized SMTP servers for this domain. The DNS server will duly respond "anyone can do that, so don't worry". Again, according to SPF, this is enough for your server to receive the SPAMs. Not does SPF, Sender-ID, etc not stop SPAMs, the manufactured "urgency" and misinformation surrounding their introduction and implementation is, IMNSHO, very dangerous and alarming. I just had a well-known remailer trying to twist my arm to get me to implement SPF right now because, according to them, come October 10, AOL will stop receiving emails from any server that has not implemented SPF. Of course when I asked for a proof of such AOL mandate, they couldn't give me anything. When I pointed out that there has so far been no agreement as to the Standard and modalities for implementation of any of the competing versions and that the MARID has not made a final opinion on them, they sheepishly told me that it would be better "to have something in place anyway". I told them what to do with their body parts in a very non-politically-correct way. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe send a blank email to %%email.unsub%% Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
