Phil Barnett wrote:
On Tuesday 12 December 2006 07:28, JamesDR wrote:
There is nothing in SPF to keep a spammer with a botnet from putting
0.0.0.0/0 as their approved domain limit.
Sounds like a good spam sign to me. Let the spammers put 0.0.0.0/0 in
their spf records, I'll pop in 3 points for good measure.
But, you are making some assumptions at this point and that is the crux of why
SPF can't work very well.
Say you give points for that one. So, where do you draw the line. Do you give
points for (for example) 123.0.0.0/8? What if that is someone's legitimate
domain space?
Bot masters can easily set up SPF addresses that will encompass giant subnets
of bots. You'll never know where to draw the line.
Agreed Phil
True - SPF his hopelessly broken and must die.
Repeat after me SPF breaks email forwarding. SRS breaks the ability to
do conditionals based on the true from address. SPF blocks no spam but
it does create false positives on legitimate email. It's a technology
that has no up side at all and a severe down side.
