On 2009-11-24, at 1:27 PM, Joel Jaeggli wrote: > > > valdis.kletni...@vt.edu wrote: >> On Tue, 24 Nov 2009 11:50:54 EST, Brad Laue said: >>> maintained. I'm unclear as to why mail administrators don't work more >>> proactively with things like SenderID and SPF, as these seem to be far >>> more maintainable in the long-run than an ever-growing list of IP >>> address ranges. >> >> There's a difference between maintainable and usable. Yes, letting the >> remote >> end maintain their SenderID and SPF is more scalable, and both do at least a >> plausible job of answering "Is this mail claiming to be from foobar.com >> really >> from foobar.com?". However, there's like 140M+ .coms now, and neither of >> them >> actually tell you what you really want to know, which is "do I want e-mail >> from >> foobar.com or not?". Especially when the spammer is often in cahoots with >> the >> DNS admins... > > identify framework with trust anchors and reputation management are not > things that spf or pra actually solve. spammers can publish spf and > senderid records and in fact arguably have more incentive to do so if it > can be demonstrated that your mail is more likely to be accepted on the > basis of their existence.
True, but wouldn't a blacklist of SPF records for known spam issuing domains be a more maintainable list than an IP block whitelist? (I'm no doubt missing something very obvious with this question) Brad
