SPF RRType
Barry Margolin
barmar at alum.mit.edu
Fri Aug 12 00:39:14 UTC 2005
In article <ddgmjh$2fje$1 at sf1.isc.org>,
Brad Knowles <brad at stop.mail-abuse.org> wrote:
> That doesn't change the fact that 99% of e-mail sent from
> SPF-enabled domains is actually spam, and therefore anyone who
> receives e-mail from an SPF-enabled domain has a 99% probability that
> the message is spam.
Isn't it the case that close to that percentage of *all* e-mail is spam?
So there's nothing really that special about e-mail from SPF-enabled
domains.
While I think most generic companies have not bothered publishing SPF
records, several of the major e-mail players (e.g. Hotmail and AOL)
have. Of course, much of the mail from hotmail.com and aol.com *is*
spam, but there are also lots of regular users in those domains.
SPF clearly has been misunderstod as an anti-spam mechanism. What it
*is* (when it's appliable) is an anti-forgery mechanism. The type of
spam this would be most useful in protecting against is phishing scams,
since the phishers would be unable to forge @paypal.com and @ebay.com
addresses. However, if I understand how SPF is normally implemented, it
only checks the envelope sender, not the From: line in the header, which
is what users normally see and depend on.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
More information about the bind-users
mailing list