[Asrg] Re: SPF abused by spammers

[Frank Ellermann <nobody at xyzzy.claranet.de>]

mathew wrote:

> If someone can actually give a plausible mechanism by which
> SPF will do more than protect me from joe jobs, one which
> doesn't rely on an outbreak of mass responsibility and
> competence amongst ISPs, then I'll be happy to change my
> opinion.

Have you considered C/R systems in conjuction with SPF ?  At
the moment C/R systems are IMO clear on the side of net abuse,
if they're not massively protected by spam filters.  With SPF
C/R systems would be again "only" annoying (that's below the
level of net abuse in my terminology).

> I see SPF as something which has been massively overhyped.

True.  It's just an implementation of RMX working today in the
real world.  With SPF something like RfC 3834 makes sense.

And it's certainly better than CAN-SPAM, RfC 3865, opt-out, or
Sender-ID, if you reduce SPF to an "anti spam" strategy.  Which
it's clearly not.  SPF only fixes a blatant hole in SMTP, the
"forward to 3rd party" hack.  On the same level as the %-hack,
or as blocking open relays.
                            Bye, Frank



_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg