| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Mar 22 01:09:58 2006 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Re: Noise on the list On Tue, 21 Mar 2006 17:25:42 EST, Micheal Espinola Jr said: > On SPF: Perhaps some of the bogus impersonation posts would get > caught/blocked by a simple SPF check? The problem with SPF is that it requires the manager of the purported source domain to configure it, and possibly to take other actions as well. So for instance, gmail.com already publishes an SPF record - but it ends in "?all", and will probably continue doing so as long as gmail.com mail can come from places other than the main gmail servers. And to fix *that* would require all the gmail users to configure their mail clients to send via gmail's servers, which adds to the support costs. Also, SPF doesn't exactly solve that problem - what it solves (if deployed to do so) is answer the question "Is mail for foo.com expected to arrive from IP address a.b.c.d?". That's *not* precisely the same thing as "is this bogus impersonated mail?". -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 228 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060321/244ed072/attachment.bin
Powered by blists - more mailing lists