On Sat, Jan 24, 2004 at 11:33:54PM +1300, Simon Byrnand said:
I don't see how this would work.
Lets say I connect to xtra as my ISP, however I have a clear.net.nz email address and use xtra's smtp server to send my email. This sort of system would block it as being spam because it wouldn't be going through the correct poviders smtp server.
Which is one of the major sticking points of SPF. There are legitimate uses of "forging" domains like this...
At the risk of appearing stoopid, such as? If a domain lists all the IP addresses that mail from that domain could originate from, then presumably they're saying that greeting card sites and the like aren't going to be usable from this domain. Sounds like a good idea to me :-).
One good side would be that those who did list their domains with an SPF entry would be less likely to be the victim of a "joe job", provided that a large enough proportion of the recipients of such spam were checking SPF...
And that seems like a useful outcome in itself. It would also be a useful defence against the mindless joejobs that you see from the worm/virus de jour these days. Having watched the classic example yesterday where some random Bagle infected machine sent a mail to a list my SO runs, with From line forged so that it appeared to come from her. It had the right From line, so it got right through the "only allow posting from subscribers" check, and she's been getting harangued by noobs on the list ever since. SPF looks like it could stop that sort of nonsense happening. Cheers Si