On Wed, 14 Jan 2009, Paschal Nee wrote:
> v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20
> ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20
> ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all
Why do you think spammers are unable to set up valid SPF records?

Spammers were the leading *ADOPTERS* of SPF (note that this article
is from 2004):

http://www.techworld.com/security/news/index.cfm?newsid=2154

I'm just amazed there are *still* people touting SPF as being an
effective anti-spam solution...

It might have some amount of value as an attestation device ("this
mail seems like it came from a valid example.com mail server") - but
that still doesn't seem very useful (ok, great - but is it really
from joe at example.com though?). However, I don't know of any MUAs that
allow the user to easily see whether a mail passed SPF (and it'd need
MTA co-operation to do this reliably, I suspect)..

If that kind of thing matters, one really ought to be encouraging
digital signatures (preferably based on a PKI where certification is
in the hands of the people, like PGP), rather than SPF.

SPF was a weak, very short-term hack when it was first conceived, and
it's now way past its expiry date.

2004 is calling and wants this argument back..

regards,
--
Paul Jakma    paul at clubi.ie    paul at jakma.org    Key ID: 64A2FF6A
Fortune:
The more crap you put up with, the more crap you are going to get.
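
Added example, not part of the original post: a minimal evaluator for the `ip4` and `all` mechanisms, run against the record quoted at the top of the message and against a constructed record for a hypothetical bulk-mail domain. It shows what a receiving filter learns from each result: the quoted record's `?all` gives only "neutral" for unlisted hosts, and any domain owner can publish a record that makes its own hosts "pass". The `BULK` record, the test addresses and the function name `check_spf` are assumptions made for illustration.

```python
import ipaddress

# Record quoted at the top of the message.
QUOTED = ("v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 "
          "ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 "
          "ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all")

# Constructed record for a hypothetical bulk-mail domain (documentation range).
BULK = "v=spf1 ip4:203.0.113.0/24 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip):
    """Evaluate ip4 and all mechanisms left to right; the first match wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4":
            if ip.version == 4 and ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            # include, a, mx and friends need DNS lookups; out of scope here.
            raise ValueError(f"unsupported mechanism: {name}")
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for label, record, ip in [
        ("quoted record, listed host", QUOTED, "74.125.1.1"),
        ("quoted record, unlisted host", QUOTED, "198.51.100.7"),
        ("bulk domain, its own host", BULK, "203.0.113.25"),
        ("bulk domain, other host", BULK, "198.51.100.7"),
    ]:
        print(f"{label:30} {ip:15} -> {check_spf(record, ip)}")
```

The result is keyed to the envelope sender's domain and the connecting IP only; nothing in it identifies the individual author of the message.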