On BNET: 5 classic computer pranks
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 27 of 57:
Next »
« Previous
Follow up
http://spf.pobox.com/faq.html#basics

Sender ID is similar to SPF as I understand it. Yes, it authenticates the machine based on the return-path. I'm not sure where you're getting your info from, but it looks like it's false. Your attempt to fool me with a technical-sounding message isn't working.

Some points:
-The "from" address is easily completely faked, so what can be done with it? It might as well be discarded. DomainKeys by Yahoo will probably help if you want to ensure the validity of the "from" address, but this only solves half the problem. SPF and Sender ID solve the other half.

-The "received" headers (ie, the return path) are much more useful, since the spammer cannot control the last entries, allowing the spam to be traced to a machine that's doing some faking. I would place that machine on a blacklist. SPF strengthens authentication of the source based on this path, because I can check the SPF record to see if the email really came from that machine. If it didn't, I can block the email. This ensures I'm not getting email from a machine that's saying it's somebody else, which is where 99.9% of my spam is coming from.

If the machine has an SPF record, and it's confirmed that it sent the email, I know it's legit. Now it becomes trivial. I know which machine is sending the spams, so I can easily block it.

What SPF does is to make machines easy to identify and block. 99.9% of my spam comes from machines that are hard to identify because they do a lot of spoofing.

So, yes, SPF and Sender ID *do* help curb spam. I can deal easily with machines that are easy to identifty, it's the machines that are hard to identify that give me headaches.
Posted by: CobraA1   Posted on: 09/14/04 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

I read the first paragraph and that was enough  mlindl | 09/13/04
Funny..  Patrick Jones | 09/13/04
Microsoft fails in their attempt to "own" e-mail.  Seething Ganglia | 09/13/04
meanwhile....  tamuhockey | 09/13/04
outlook - ms mail server works fine  V Sanders | 09/14/04
Do you have any proof?  d_jedi | 09/13/04
Did Microsoft put all the cards on the table?  DonnieBoy | 09/13/04
and if you wait until after the fact  V Sanders | 09/13/04
It would appear the answer is yes...  No_Ax_to_Grind | 09/14/04
what more?  ryusen | 09/14/04
Huh? Anyone can do a patent search...  No_Ax_to_Grind | 09/14/04
Can you do a pending patent search?  Michael Kelly | 09/14/04
Microsoft's track record speaks for its self  Seething Ganglia | 09/13/04
we have all seen with IE  V Sanders | 09/13/04
What did y'all expect after the DOJ ...  Judas I. | 09/13/04
Pobox's SPF email proposal  Nigel Johnstone | 09/13/04
And here is why that proposal won't work either:  Confused by religion | 09/13/04
SPF *still* working perfectly  Nigel Johnstone | 09/13/04
Blacklisting of SPF names risky.  dotis | 09/13/04
Sorry Milly, not a good link...  John Le'Brecage | 09/13/04
Sender-ID makes SPF stronger  Roger Ramjet | 09/14/04
No, not completely..  Patrick Jones | 09/13/04
spammers publishing SPF is GOOD!  CobraA1 | 09/14/04
Sender-ID authorizes, it does not authenticate.  dotis | 09/13/04
What?  Patrick Jones | 09/13/04
Umm, really?  CobraA1 | 09/14/04
Follow up  CobraA1 | 09/14/04
very cool  V Sanders | 09/13/04
Reality check to Microsoft- we don't need you.  Xunil_Sierutuf | 09/14/04
The real question, does it matter when you own the market.  No_Ax_to_Grind | 09/14/04
This is a server based technology, not desktop!  B.O.F.H. | 09/14/04
Correct, to a point.  No_Ax_to_Grind | 09/14/04
You really aren't that clueless, are you?  B.O.F.H. | 09/14/04
And you aren't listening.  No_Ax_to_Grind | 09/14/04
Yes he really is that clueless!  sa_z | 09/14/04
It'll be a question of who can last the standoff the longest  Michael Kelly | 09/14/04
SPF augmenst DNS, get a clue!  B.O.F.H. | 09/14/04
Gaining market share  alterego_z | 09/14/04
what does joe average use for e-mail?  ryusen | 09/14/04
You really need to stop.  Patrick Jones | 09/14/04
See: Correct to a point.  No_Ax_to_Grind | 09/14/04
I did. You are still wrong.  Patrick Jones | 09/14/04
Cornered with facts.  sa_z | 09/14/04
wasn't there another article, recently where...  ryusen | 09/14/04
Once more See "Correct to a point".  No_Ax_to_Grind | 09/14/04
At least Mike Cox intends to be funny!  sa_z | 09/14/04
And you attempt what? Blank posts???  No_Ax_to_Grind | 09/14/04
That youa are a M$ troll  sa_z | 09/14/04
I only see one person calling names. YOU!  No_Ax_to_Grind | 09/14/04
No_Ax, you need to learn some basic vocabulary!  B.O.F.H. | 09/14/04
Troll Factor 9.4  sa_z | 09/14/04
Yes you are a name caller but I won't hold it against you.  No_Ax_to_Grind | 09/14/04
damn, that was a really harsh slam on Microsoft!  B.O.F.H. | 09/14/04
on front page extensions...  ryusen | 09/14/04
Wrong again  Richard Flude | 09/14/04
No_Ax fails to respond to valid criticism  CobraA1 | 09/15/04
Natural Consequence  John L. Ries | 09/14/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement