> http://www.infoworld.com/article/04/08/31/HNspammerstudy_1.html
> Did you read the end of the article? SPF prevents forgery, not spam. It's
> still valuable even if spammers use it.

Maybe I'm missing something obvious, but how does this differ from maintaining valid forward and reverse DNS entries?

Let's assume I want to forge an email as coming from maila.microsoft.com. I create a Postfix system and give it that name, but I'm - of course - using a non-MS IP address (10.1.1.1, for argument's sake.) I try to connect to your system, and you note the IP address. You go to my ISP's reverse DNS records (which, not so coincidentally, happens to be under my control as well) and verify that I have a PTR correlating 10.1.1.1 to maila.microsoft.com. Then, you go to the DNS records of microsoft.com (which I do NOT have access to control) and see that according to Microsoft mail1.microsoft.com is actually 131.107.3.125. You note the discrepancy and - BAM! - you reject my connection.

So here's where I don't understand the point of SPF. With the existing system it is impossible to fully forge my identity as being maila.microsoft.com; thus, if we use the DNS system as it was designed we can eliminate emails from forged SMTP servers. Then, once that's in place, we can then easily identify and blacklist those servers that are PROPERLY set up with forward and reverse DNS records but still send out spam.

Without ANY additional designs or systems in place we've eliminated virtually all intentionally forged emails and have a flexible system that can rely on existing technology (e.g., SURBL, Razor) to scale going forward. The only risks we're left with are individuals using legitimate systems (AOL, Earthlink) to spam, and those can be shut down easily by their administrators (which is still a risk with SPF...)

Like I said, maybe I just don't understand the proposed system or I'm missing something obvious...

GA
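
The forward/reverse DNS check described in the message above, written out as an added example that is not part of the original post. The record tables are constructed sample data rather than live DNS answers; the 192.0.2.25 / mail.example.net host and the function name `fcrdns_check` are assumptions made for illustration.

```python
# Added example: forward-confirmed reverse DNS (FCrDNS) over constructed records.
# Nothing here queries real DNS; both tables are sample data.

# Reverse zone: controlled by whoever owns the IP block (the sender's ISP).
PTR_RECORDS = {
    "10.1.1.1": ["maila.microsoft.com"],       # forged PTR from the post
    "131.107.3.125": ["mail1.microsoft.com"],  # address the post gives for Microsoft
    "192.0.2.25": ["mail.example.net"],        # constructed: consistently configured host
}

# Forward zones: controlled by the owner of each domain name.
A_RECORDS = {
    "mail1.microsoft.com": ["131.107.3.125"],
    "mail.example.net": ["192.0.2.25"],
}


def fcrdns_check(client_ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Return (accepted, reason) for a connecting client IP.

    Step 1: look up the PTR name(s) for the client IP (sender-side data).
    Step 2: resolve each name forward in the zone of the domain owner.
    Step 3: accept only if some forward answer equals the client IP.
    """
    names = ptr.get(client_ip, [])
    if not names:
        return False, "no PTR record for client IP"
    for name in names:
        host = name.rstrip(".").lower()
        if client_ip in a.get(host, []):
            return True, f"{host} resolves back to {client_ip}"
    return False, "PTR name(s) do not resolve back to client IP"


if __name__ == "__main__":
    # 198.51.100.7 is a constructed address with no PTR record at all.
    for ip in ("10.1.1.1", "131.107.3.125", "192.0.2.25", "198.51.100.7"):
        ok, reason = fcrdns_check(ip)
        print(f"{ip:15} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

The 192.0.2.25 case corresponds to the post's "PROPERLY set up" servers: the check accepts them, so any filtering of their mail has to come from a separate reputation list.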