[plug] Sender Policy Framework (SPF)
Craig Ringer
craig at postnewspapers.com.au
Wed Sep 8 15:56:33 WST 2004
On Wed, 2004-09-08 at 13:57, James Devenish wrote:
> Spammers identify themselves by adding SPF records for their domains. If
> you receive an e-mail for which there is an SPF pass or failure, discard
> the message ;-)
$ dig +short -t TXT @ns1.iinet.net.au postnewspapers.com.au
"v=spf1 a mx ptr -all"
*grr* :-P
> But, basically, as far as I know, the use of SPF is to
> discard messages for which the sender domain has been forged. It does
> not tell us whether an e-mail is legitimate, and for the majority of
> e-mails it tells us nothing about the e-mail.
Yep.
> However, it does at least
> allow you to trim back some of your spam.
It'll at least help with stuff being bounced through countless different
relays.
> To tell the truth, I haven't
> had as many problems with spam being 'passsed' by SPF recently, although
> I was definitely experiencing it earlier in the year (I am an SPF
> sceptic).
I think SPF is very important, it's just that people have been looking
at it as something it's not. It's /not/ going stop spam. It /will/, if
widely implemented, make it much harder (I won't say impossible) to
force source domains, hopefully making RHSRBLs more effective and more
importantly reducing the chaos produced by From: address spoofing
viruses.
I hope. I'm sick of getting "you sent me a virus!" messages. I'm really,
really, sick of replying and explaining what's really going on.
--
Craig Ringer
More information about the plug
mailing list