So why not use a callback instead?

Posted Sep 6, 2004 10:02 UTC (Mon) by frankie (subscriber, #13593)
In reply to: So why not use a callback instead? by lolando
Parent article: Debian rejects Sender ID

SPF-like protocols are not a universal panacea. SPF just blocks forged addresses, like those used by a few spammers and worms.
Many other spammers use fictitious domains (with good SPF records)
and pass anyway. The same thing could potentially be done by worms.
So SPF complicates the life of normal users (who cannot use regular forwarding)
and has very little impact on true spammers, who have methods to bypass it.
I see no evidence that Sender ID is better...
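
The cases raised in the comment above, worked through as an added example (not part of the original post and not any real SPF implementation): a minimal evaluator that handles only the `ip4` and `all` mechanisms. The domains, records and documentation-range addresses are constructed, and the `SPF_RECORDS` table is an assumption standing in for DNS TXT lookups.

```python
import ipaddress

# Constructed SPF records standing in for DNS TXT lookups (assumption).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",          # legitimate sender
    "throwaway.example": "v=spf1 ip4:203.0.113.7 -all",     # freshly registered domain
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from):
    """Evaluate the envelope sender's SPF record against the connecting IP.

    Handles only the ip4 and all mechanisms; real SPF has more (a, mx, include...).
    """
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"  # no record published, nothing to authorise against
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def scenarios():
    """Constructed cases matching the situations discussed in the thread."""
    return {
        "direct from own server": check_spf("192.0.2.10", "alice@example.org"),
        "forged from other host": check_spf("198.51.100.25", "alice@example.org"),
        "domain with own record": check_spf("203.0.113.7", "offers@throwaway.example"),
        "plain forward, sender kept": check_spf("198.51.100.80", "alice@example.org"),
        "domain without a record": check_spf("198.51.100.25", "x@norecord.example"),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:28} {result}")
```

The forwarded message and the forged one produce the same `fail`, while `pass` only says the connecting host is authorised for that domain, so a receiver still needs a separate reputation signal for the domain itself.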



So why not use a callback instead?

Posted Sep 6, 2004 10:58 UTC (Mon) by sdalley (subscriber, #18550) [Link]

If by a fictitious domain you mean a domain that does not exist, then DNS lookup would not be able to obtain DNS records of any sort. Or do you actually mean something different?

Why no network of trust?

Posted Sep 7, 2004 14:53 UTC (Tue) by forthy (guest, #1525) [Link]

It is not obvious to me that you can't add a network of trust to an
SPF-like framework. Like S/MIME or PGP, SPF records would need a signature
(or several signatures, if you like). If you create your domain, the NIC
usually would also sign your SPF record; done. Since domain creation is a
hierarchical situation, tracing signatures back to some known good "root"
signature is not really difficult.

In the end, this does not help bot-based spam networks and worm floods.
Even if you require the user to enter a passphrase for every outgoing
mail, an infected PC could grab that passphrase and send spam and worms
under the name of the victim. However: It is now possible to help the
victim, since you can identify her (or him). Part of the success of
captured computers is that the user doesn't know about it.
