dar...@chaosreigns.com wrote:
On 02/02, Marc Perkel wrote:
Why would you want to catch domains without SPF as SPF has no
relationship to detecting spam?
SPF is entirely about spam.
http://www.openspf.org/Introduction
If everyone uses SPF, all we need to block all spam is these rules
(SPF_NOT_PASS alone should do it), and a blacklist of domains that have
SPF records including IPs that send spam.
What about the situations where you can't use SPF?
Do you think spammers are incapable of setting an SPF record on their
own domains.
ISPs blocking outbound port 25 would probably stop the majority of spam
overnight, but that isn't likely to happen either, and spammers would
simply find another method as they're not likely to just sit around and
watch their highly lucrative business evaporate overnight.
SPF is easy, there's a wizard http://www.openspf.org/, then you paste
the results into the DNS TXT record for your domain).
It's never going to happen. We can't even get half the banks to
implement measures like SPF or DKIM, and they are getting the hell
phished out of them and are exactly the type of sector you'd expect to
be using such measures to prevent spoofing and making it easier for
their clients to spot forgeries.
