Re: [exim] SPF Feature - Walk Received header

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: W B Hacker
CC: exim users
Subject: Re: [exim] SPF Feature - Walk Received header


W B Hacker wrote:
> Marc Perkel wrote:
>
> *trimming this - it has gotten overlong...
>
> (Peter Bowyer)
>
>>>> Granted that a spammer could forge received headers. Most don't.
>>>>
>>>>
>>> Eh? Have you looked at many spam samples lately? Or in the last 10 years?
>>>
>>>
>>>
>>>> I'm
>>>> thinking that not bouncing forwarded email is better than the few spammers
>>>> who sneak through.
>>>>
>>>>
>>> Not spammers - forgers. Providing a way to defeat an anti-forgery
>>> mechanism wouldn't be my choice. But hey, if that's what you want....
>>>
>>>
>>>
>>>
>> I'm thinking that forgers would be less of a problem that false
>> positives produced by forwarded email. I'm more concerned about false
>> positives which are far more common under SPF.
>>
>
> Marc,
>
> bass-ackwards logic. spf was intended to aid in reducing forgery, and -
> regardless of claims, cannot do that perfectly anyway.
>
> You can 'compromise' the utility of some other tool, but further
> compromising spf forgery-reduction capability is worse than simply
> ceasing to look at it at all.
>
> Grind the sharp-edge flat on an axe and go pound nails with it.
>
> Or sand.
>
> Either way, it makes a poor hammer. The balance is all wrong.
>
> Bill
>
>


SPF is for the most part useless. I'm trying to figure out SOME use for it.