[Asrg] Round 2 of the DNSBL BCP - "collateral damage"
Dotzero
dotzero at gmail.com
Fri Apr 4 05:07:50 PDT 2008
On 4/3/08, Matthew Sullivan <matthew at sorbs.net> wrote:
>
> Seems a lot of people forgot what SPF gives/does not give.
>
True.... see below.
> It is not a solution to spam, however it is a way to stop sender forging
> by spammers. In the same vein it also stops phishing where the phisher
> forges the target org for the from email address. It also stops, in
> combination with ensuring the domain actually exists, viruses that are
> sending by using random domains for the from address.
>
SPF does NOT protect the "From" email address (RFC2822). It DOES
protect the "Mail From" address (RFC2821) from specific types of abuse
in some circumstances if the receiving domain is checking SPF.
>
> Beyond that, and the people that setup SPF records that are not
> explicit, it doesn't really stop anything.
>
True
More information about the Asrg
mailing list