[Asrg] Round 2 of the DNSBL BCP - "collateral damage"
Matthew Sullivan
matthew at sorbs.net
Thu Apr 3 18:58:24 PDT 2008
Rich Kulawiec wrote:
> On Thu, Apr 03, 2008 at 12:26:09PM -0500, David Nicol wrote:
>
>> I belive it be appropriate to include the distributed (rather than
>> centralized) dns-based robust distribution paradigm of SPF,
>> as a creature within the taxonomy of DNS-based reputation systems.
>>
>
> (a) I think of SPF et.al. as very different animals than DNSBLs,
> so -- at least to me -- this would be out-of-scope.
>
Seems a lot of people forgot what SPF gives/does not give.
It is not a solution to spam, however it is a way to stop sender forging
by spammers. In the same vein it also stops phishing where the phisher
forges the target org for the from email address. It also stops, in
combination with ensuring the domain actually exists, viruses that are
sending by using random domains for the from address.
Beyond that, and the people that setup SPF records that are not
explicit, it doesn't really stop anything.
/ Mat
More information about the Asrg
mailing list