[ On Thursday, September 23, 2004 at 16:53:00 (-0400), David Brodbeck wrote: ]
> Subject: RE: [exim] support for domainkeys
>
> Essentially the issue here is that no one cares about the MAIL FROM address,
> except when the mail bounces.
Exactly.
The worst part of the SPF (and PRA?) "solution" is that it fails
miserably in exactly the places it was proposed that it would help.
1. the worst "offenders" of forged sender address backscatter are the
millions of stupidly configured and/or broken-by-design MTAs that
accept any and everything and then bounce it if they can't deliver
it.
2. we haven't been able to get many of those millions of postmasters to
simply implement even the most basic recipient verification mechanims
so how the heck are we to ever hope they'll implement SPF?
> That's a weakness of SPF as an anti-phishing
> method.
Well I don't know about SPF as an anti-phishing fix (do you mean
"address harvesting prevention"?).... In any case it doesn't apply at
all to the mailbox part of an address -- just the domain part.
- --
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>
