North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Spammers Skirt IP Authentication Attempts
On Mon, Sep 06, 2004 at 04:26:04AM -0700, Henry Linneweh <hrlinneweh@xxxxxxxxxxxxx> wrote a message of 4 lines which said: > This is not a good beginning > > http://www.eweek.com/article2/0,1759,1642848,00.asp Bad paper. The CipherTrust story, which is mentioned, is very weak: it contains several big mistakes (such as mentioning SenderID records... which do not exist yet since the working group is in the "last call" state) so I question its credibility. Regarding the facts, testing on my "spam" mailbox, I can see SPF records from spammers but it is very uncommon (there is no incentive for them to publish SPF immediately, because few sites will test them). Otherwise, SPF is not anti-spam by itself. In the same way that network security is not provided by a firewall alone, anti-spam protection is not provided by SPF alone. SPF is an enabler: it allows you to be more confident in the authenticity of the domain, giving reputation systems (whilelists and blacklists) a better chance to succeed.