[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200603220109.k2M19nZW007047@turing-police.cc.vt.edu>
Date: Wed Mar 22 01:09:58 2006
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Re: Noise on the list
On Tue, 21 Mar 2006 17:25:42 EST, Micheal Espinola Jr said:
> On SPF: Perhaps some of the bogus impersonation posts would get
> caught/blocked by a simple SPF check?
The problem with SPF is that it requires the manager of the purported source
domain to configure it, and possibly to take other actions as well. So for
instance, gmail.com already publishes an SPF record - but it ends in "?all",
and will probably continue doing so as long as gmail.com mail can come from
places other than the main gmail servers.
And to fix *that* would require all the gmail users to configure their mail
clients to send via gmail's servers, which adds to the support costs.
Also, SPF doesn't exactly solve that problem - what it solves (if deployed to
do so) is answer the question "Is mail for foo.com expected to arrive from IP
address a.b.c.d?". That's *not* precisely the same thing as "is this bogus
impersonated mail?".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060321/244ed072/attachment.bin
Powered by blists - more mailing lists