On Thu, Mar 11, 2004 at 11:55:36PM -0800, Jason wrote: > I think the most interesting point is that, while a > good background of the problem and proposed solutions > is given, it seems there really is no good answer > currently. The author does make mention of Sender > Permitted From (http://spf.pobox.com/), which was > recently mentioned to me by a co-worker and is the > solution I've been looking into most lately. SPF may work for cutting out spam spoofed from aol/yahoo/msn accounts. However a lot of domains don't even have valid ptr records. How are they going to figure out how to setup a ptr record? Even if they did, there are going to be a lot of sites that won't set this up. There are many legit boxes that spammers have broken in to to send spam.
> Any opinions from the list on where this field/problem > is going? Will it continue (as in the rest of the > field of security) to be an arms race? The article doesn't mention greylisting, which I think is a good temporary solution. It greatly increases the cost to spammers. I think it will continue to be an arms race until either the protocol or the infrastructure changes. I have not yet heard of a practical and secure replacement/extension to smtp. Cory -- Cory Petkovsek Adapting Information Adaptable IT Consulting Technology to Your (858) 705-1655 Business [EMAIL PROTECTED] www.AdaptableIT.com _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug