On Mon, Mar 08, 2004 at 09:04:53AM -0800, Bart Schaefer wrote: > On Mon, 8 Mar 2004, Ilan Aisic wrote: > > > Before I go and implement it in my DNS, I'd like to solicit opinions about > > it from the list. > > "It can't hurt but it might not help much." > > SPF is designed to solve a specific problem: Joe-jobbing, that is, the > forgery of your domain-part in the sender addresses of spam. > > It specifically cannot prevent a spammer from using any domain whose DNS > is under his (legitimate or otherwise) control, on mail that is sent > through open relays/proxies, hijacked PCs, etc., because all the spammer > would need to do is advertise in his own SPF records that those locations > are allowed to send his mail.
Or he could simply put up no SPF records at all. SPF adoption will be at best spotty, and if you're going to bump up score much for SPF entirely lacking, as opposed to SPF present but indicating the mail came from the wrong place, you'll see significant false positives. That said, SSC's records are ready! -- Dan Wilder
