> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Jeroen van Aart > Sent: Thursday, October 30, 2008 2:31 PM > To: Exim Users List > Subject: Re: [exim] Anti Phishing ACL > > neil wrote: > > I have tried in the past to contact banks and ask about > SPF, DKIM etc, > > but I have had no reply. > > Rightfully so. I wouldn't trust a bank who'd just comply to > the whims of > an individual emailing them about this or that random > questionable feature. > > > Yes I know that SPF etc breaks stuff <cue furious debate about > > forwarding>, but I would have though that in the few cases > where people > > set up deliberate forwarding they could whitelist, versus > the millions > > of phishing mails sent each day. > > Do you honestly believe that SPF or whatever is the newest > fancy useless > feature will prevent phishing even a tiny bit? I don't. SPF > doesn't just > break forwarding but can actually promote spam and spammers > appear to > have adopted it quickly: > http://www.theregister.co.uk/2004/09/03/email_authentication_spam/ >
One should not accept a message because SPF is passed, but one should surely reject a message if SPF says fail. Would obviously not deter all phishing, however if one wanted to pursue a phising site the very fact that their spf records pass that host means the domain owner has accepted responsibility for the email. But one thing SPF/DKIM/etc should help with joe-jobs. Nothing bugs me more than getting a bunch of back-scatter when my SPF record states exactly what hosts are allowed to send mail for my domain(s) and hard fails all others (or dkim not used/invalid) and the email in question obviously came from a comcast host. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
