On Thu, 24 Jun 2004 11:58, "Jason Lim" <[EMAIL PROTECTED]> wrote: > > most ISPs (and mail service providers like yahoo and hotmail), for > > instance, will never have SPF records in their DNS. they may use SPF > > checking on their own MX servers, but they won't have the records in their > > DNS. their users have legitimate needs to send mail using their address > > from any arbitrary location, which is exactly what SPF works to prevent.
If someone wants to use a hotmail or yahoo email address when sending email to me then they will use hotmail/yahoo servers to send it. My mail server will prevent them doing otherwise, and has been doing so since before SPF started becoming popular. > This also applies to most hosting companies. If your ISP prevents outgoing > SMTP (port 25) to other mail servers and you are forced to use your ISP's > mail servers, then the "mail server" is not going to match that of your > hosting account or domain name. Thus SPF fails again in this case. You just have to enable the ISP's mail server in the SPF configuration. That allows a customer of the same ISP to joe-job you, but sorting THAT out should not be so difficult. > I feel SPF is not going to be implemented many placed not because people > don't wont to reduce spam, but because SPF just won't work in many cases. > In fact, depending on how you look at it, it doesn't reduce spam at ALL > (phising is certainly bad, but that is a separate problem). If it stops people from joe-jobbing me then that's enough reason to have it. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
