On Tue, 21 Mar 2006 17:25:42 EST, Micheal Espinola Jr said: > On SPF: Perhaps some of the bogus impersonation posts would get > caught/blocked by a simple SPF check?
The problem with SPF is that it requires the manager of the purported source domain to configure it, and possibly to take other actions as well. So for instance, gmail.com already publishes an SPF record - but it ends in "?all", and will probably continue doing so as long as gmail.com mail can come from places other than the main gmail servers. And to fix *that* would require all the gmail users to configure their mail clients to send via gmail's servers, which adds to the support costs. Also, SPF doesn't exactly solve that problem - what it solves (if deployed to do so) is answer the question "Is mail for foo.com expected to arrive from IP address a.b.c.d?". That's *not* precisely the same thing as "is this bogus impersonated mail?".
pgpf0ulDJySNh.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
