----Original Message---- From: Marc Perkel [mailto:m...@perkel.com] Sent: Thursday, February 25, 2010 6:11 PM To: Rick Cooper Cc: 'ram'; users@spamassassin.apache.org Subject: Re: Off Topic - SPF - What a Disaster
> Rick Cooper wrote: >> >> >>> The anti-SPF bandwagon is not ego driven but results driven. Than >> you >>> for admitting that SPF in not a spam filtering solution. >> However it >>> is also not a white listing solution because as many >> people have said >>> here - spammers are the ones who are using SPF >> correctly. I can see >>> some theoretical benefits that if you have a >> list of banks with SPF >>> and you receive an email from an address >> that the bank lists then you >>> can safely pass it. But I find that an >> easier way to do that is to >>> use FCrDNS to do the same thing. >> >> >>> On the down site SPF breaks email forwarding and it creates a false >> >>> sense that people are doing something to fight spam or protect ham >> >>> that is not supported by reality. SPF has received intellectual >> >>> welfare because stuff that doesn't work tends to be culled out of >> >>> spam assassin and other than backscatter most people here are >> telling >>> the SPF supporters that it doesn't work. If SPF is becoming >> more >>> popular it just means that more people are misled. >> >> So then SRS Doesn't work for forwarding systems? I ask because I am >> not a forwarding service and, as I only handle corporate mail >> systems, do not give access to arbitrary forwarding to the mail >> users so we do not have tons of (external) forwarding going on. Since >> SPF and SRS are like legs on the same body I will assume trying to walk >> with >> one leg produces results similar to a forwarding service using SPF >> without SRS. I personally would love comcast would list all of their >> Valid outbound mail hosts and hard fail all others, same with aol, >> yahoo, gmail, etc. Seems to me if you are going to push email all over >> hell's half acre it behooves you To use any and all tools available to >> take responsibility for those mails and SPF is One of several tools that >> can do that, at least to some extent. If there would have been Some kind >> of total commitment to spam 10 years ago we would not be where we are >> today and Spamassassin (as it is) would not be quite so necessary. >> >> (My apologies for the pathetic attempt at manually reformatting >> the original html post) >> >> > > SRS is even more broken than SPF. I allow users to white list or black > list based on the sender. If you rewrite the sender then you lose sender > based conditionals. SRS has no use other than to try to fix SPF which > has no use in the first place. I suppose you would have to add logic to your whitlisting to accommodate an SRS message, it's not like you cannot tell and the return path remains intact so the original sending address is still available for the white list. Pobox.com uses it (of course) and the are a forwarding service. I don't personally see SPF as a spam tool so much as someone taking responsibility for the mail they send. I suppose since all forwarding services are legitimate the world should just take messages originating from them as legitimate as well.... My bad Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
