Subject: | |
From: | |
Reply To: | |
Date: | Sun, 8 Jun 2008 22:11:50 +0800 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Miguel A. Lerma wrote:
> I have a mail server with sendmail running on Scientific Linux 5.1.
> I would like to check SPF (Sender Policy Framework) on incoming
> mail. Does anybody have experience with this?
I used to be on a couple of antispam lists, whose names I now don't recall.
There was much discussion of SPF and CSV, and I hadn't a clue what they
were talking about, so I asked.
From the explanations there, and articles in other places, I quickly
decided it's inherently broken.
Since then, I've forgotten much of the argument, but a quick google
turned up this:
http://homepages.tesco.net/J.deBoynePollard/FGA/smtp-spf-is-harmful.html
A key point is this:
"SPF runs fundamentally counter to this architecture. The primary design
of SPF is that the owner of a domain name publishes a list of SMTP Relay
client machines associated with that domain, and that SMTP Relay servers
reject mail with any such envelope sender mailbox names that does not
come from an SMTP Relay client that is on that list. The architecture
that SPF thus actually mandates is one where mail is delivered directly
from originator to recipient, with no "store and forward" hops in between."
This gives an overview of many more antispam techniques than I know of:
http://www.oecd-antispam.org/article.php3?id_article=241
Recently, I've seen several questions asked by people implementing SPF,
so this leads me to ask, "Why is it so??
--
Cheers
John
-- spambait
[log in to unmask] [log in to unmask]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
|
|
|