Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
There are much better solutions to the problem of bounces to joe-jobs. Solutions which don't require wholesale changes to the way that email works.
SPF, joe jobs, and phishing
Posted Jun 15, 2006 19:32 UTC (Thu) by dlang (✭ supporter ✭, #313)
Posted Jun 15, 2006 21:32 UTC (Thu) by dwmw2 (subscriber, #2063)
You didn't actually read the why not SPF page linked above, did you?
550-Verification failed for <firstname.lastname@example.org>
550-Sent: RCPT TO:<email@example.com>
550-Response: 550-This address never sends messages directly, and should not accept bounces.
550-550-Please see http://www.infradead.org/rpr.html or contact
550-550 firstname.lastname@example.org for further information.
550 Sender verify failed
Posted Jun 22, 2006 23:51 UTC (Thu) by kitterma (subscriber, #4448)
Posted Jun 15, 2006 19:35 UTC (Thu) by rfunk (subscriber, #4054)
Posted Jun 22, 2006 23:48 UTC (Thu) by kitterma (subscriber, #4448)
SPF checking may be relatively rare, but in my experience it is enough that within a month of publishing a -all SPF record, bounce messages due to forged sending using my domains ended. There is enough SPF checking going on to provide deterrence.
SPF is a horrible idea in theory. In practice, unless your user base sends to peope who do a lot of forwarding, it works pretty well for many domains. Eventually, it will be obsolete because something better will come along. In the meantime, it does the job for me and lots of others.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds