Author: Peter Bowyer Date: To: exim users Subject: Re: [exim] Sender callout verification on BATV signed addresses
On 14/05/2009, Dave Lugo <dlugo@???> wrote: > On Thu, 14 May 2009, David Saez Padros wrote:
> >
> > If you read the arguments against callout it says that callouts are
> > a broken technique but that's not true (at most a deficient
> > implementation of sender callout could be broken) and the problem
> > he has is not about sender callouts is about people forging his
> > domain, which he can prevent by publishing spf records. Same for
>
> As a datapoint:
>
> I've seen spammers disregard SPF, and send a few hundred K
> items/day that are forged.
SPF doesn't stop someone sending forgeries, it enables a 3rd party to
opt not to receive them, and especially, not to bounce them to the
forged sender.
A smart spammer might inspect the SPF records of a domain he was about
to forge and not forge a domain that is SPF-protected, though. Even
more reason to SPF-protect your domain.
Peter
--
Peter Bowyer
Email: peter@???
Follow me on Twitter: twitter.com/peeebeee
