SPF, joe jobs, and phishing
Posted Jun 22, 2006 23:48 UTC (Thu) by kitterma
In reply to: SPF, joe jobs, and phishing
Parent article: SPF on vger
None of which are implementable by someone who isn't running their own mail server and using custom software. With SPF, with all it's flaws, any domain owner that can publish a TXT record in their DNS can gain some protection.
SPF checking may be relatively rare, but in my experience it is enough that within a month of publishing a -all SPF record, bounce messages due to forged sending using my domains ended. There is enough SPF checking going on to provide deterrence.
SPF is a horrible idea in theory. In practice, unless your user base sends to peope who do a lot of forwarding, it works pretty well for many domains. Eventually, it will be obsolete because something better will come along. In the meantime, it does the job for me and lots of others.
to post comments)