On 6/19/06, Ilya Konstantinov <[EMAIL PROTECTED]> wrote:
Note that SPF is not something reserved for high-profile domains. Every Nigerian scam domain can deploy SPF and then it'll be verifiable fair and square. So, no easy way of killing off all those Nigerian scams? You betcha there isn't.
That's because SPF is not intended to solve the spam problem, it's intended to solve the domain masquarading problem. It's basically an authentication method where you trust a trusted 3rd party (the DNS server) to tell you which hosts are allowed to send mail on behalf of the domain that you're querying about. For example, my SPF record is: arik.baratz.org. 43200 IN TXT "v=spf1 include:aspmx.googlemail.com ~all" This means that I trust aspmx.googlemail.com to tell which hosts are allowed to send email on my behalf. Google's SPF record is: aspmx.googlemail.com. 7200 IN TXT "v=spf1 redirect=_spf.google.com" and _spf.google.com. 274 IN TXT "v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all" so these are the addresses that can send email for my domain. The immediate benefit from SPF is that it prevents joe-jobs, some spammer using your domain to send spam from. The future benefit when it is widely deployed would be black-list of domains that have sent spam. Since you can't forge your domain, you'd have to send spam from a domain you own, therefore you'd have to keep on buying domains as the existing ones get into the blacklist. -- Arik ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
