At 11:55 PM 12/13/2004 -0500, Peter Matulis wrote:
Hi, I have heard that SPF is controversial among mail administrators. Why is that?
I think mostly because people view it as a general purpose anti-spam tool. With such a perspective, it's easy to poke holes in and declare it useless. "Spammers can just register their own domain and publish SPF records..." etc... Of course, they are right. But they are attacking the obvious.
SPF isn't intended to stop people from sending spam, it's intended to stop forgery, or at least make it more difficult. IMO, it's actually more powerful against viruses than spam, but it does act as a good weapon against joe-jobs, and helps against phishers posing as ebay.com. In the long run, this can also make it's impacts on spammers, as sender domain whitelists and blacklists can be made more readily. Imagine a day where you can verify that an email from [EMAIL PROTECTED] passed through hotmails servers. This is what SPF offers. It's not a tool to bring global spamming to a halt, but it's easy, simple, and makes certain aspects of email more usefl.
Of course, there's other arguments too.. Redirectors, forwarding services, etc, but these have their solutions. (Hint: SPF at each stage, and when you remail, use a return path that points at your own servers like a mailing list does. Poof, problem solved.)
How many people use it (on this mailing list)?
At present I publish SPF records, but I don't yet check SPF records on inbound mail.
Note: sorry for the late mail, this was in my outbox since this morning.. I forgot to send.. Since then, several in this thread have made the classic anti-spf argument that I mention here..
ie: jdow wrote:
The chief thing SPF does is clutter up name server traffic to prove something of little or no use when scoring spam.
A true argument, but utterly missing the point, unfortunately.
