--On 7 May 2009 07:10:36 -0700 Marc Perkel <marc@???> wrote:
>
> Granted that a spammer could forge received headers. Most don't. I'm
> thinking that not bouncing forwarded email is better than the few
> spammers who sneak through. And if a spammer is forging received lines
> that might be detectable if they don't do a good job of it. I think it
> would be a useful feature if it were in there.
That depends what you're using it for. If you're using SPF for whitelisting
trusted domains, then you're going to have to keep a close eye on the spam
that gets through. When the spammers catch on, you'll have to stop using
it.
On the other hand, you could say that if none of the hosts have an SPF
match, and the sender domain uses -all, then reject. That would get you
some wins with no losses. In the long run though, this would just be
another ratchet in the arms race and we'd finish in a place where spam is
harder to detect. Eventually the spam engines will catch up, though this
rule would still catch some residual spam.
I don't understand the tone of argument in this thread to date. It seems
that every suggestion Marc Perkel makes is met with a barrage of
misrepresentation. It's not a bad idea. It won't on its own fix the spam
problem, but it can have some utility.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see
http://www.sussex.ac.uk/its/help/
