Marc Perkel wrote: > From openspf.org > > http://old.openspf.org/aspen.html > Marc, this link is not describing SPF as an anti-spam technology. It's describing how SPF can be coupled with an accreditation service to create an anti-spam technology.
Nobody's saying SPF has no use in anti-spam, it has some uses when combined with the right tools. However, fundamentally, SPF by itself is not an anti-spam technology. Any spam control resulting from using SPF by itself is purely due to careless and/or clueless spammers who could easily avoid being blocked by SPF. SPF is useful for: 1) Forgery control - most notably in social engineering attacks, phishing and viruses. 2) Whitelisting - Using SPF to verify the proper servers for an otherwise domain-based whitelist is a potent tool for domains you trust. Compared with simple from-domain based whitelisting it resists forgery. Compared to from-domain + IP or RDNS domain SPF whitelisting allows your whitelist to automatically adapt to changes in their networks, while still offering equal forgery resistance. 3) Squashing purely stupid spammers. They can easily avoid it, but some spammers can't help themselves. (Just like the ones who keep using your own servername as a HELO. This is trivial to filter on, trivial to modify a spam tool to avoid the filter, yet so many spammers still do it.) SPF may be useful in spam control, but it's not a particularly powerful anti-spam tool, nor is spam control SPF's best feature/application. Unfortunately, many proponents of SPF like to hawk #3 like it's the primary point of SPF. Personally I view this as over-hyping the technology in an attempt to gain press and improve adoption. (And before you jump on them for such things, at least be self-aware enough to realize you're one of the strongest over-sensationalists on the entire Internet that is not employed by Microsoft, SCO, or a spammer. Over-sensationalizing isn't always a bad thing, sometimes it is a means to an end. Sometimes your bold over-hype is a catalyst for discussion that results in useful ideas. Their over-hype might get folks to adopt a useful technology, even if they end up later discovering it's more useful for other things.)
