LWN.net Logo

Advertisement

Netronome is hiring!

Interested in hardware, diags, validation, Linux, C, ARM, Microcode and low level programming and blazing networks?

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Solution: Sender Policy Framework

Solution: Sender Policy Framework

Posted May 6, 2004 12:07 UTC (Thu) by hingo (guest, #14792)
In reply to: Solution: Sender Policy Framework by copsewood
Parent article: 82% of email is spam

One thing I've always wondered about SPF is this. When more people start using it, isn't it then just as easy for the spammers to make their worms such, that they check the DNS record to learn what SMTP server they should use and then send their mail through that server. The server has no chance to realise that it is not the user of the computer sending normal email.

Of course, if we have SPF, then we could start adding other things to SMTP, like the server requiring a password before accepting mail. In combination these kinds of techniques might do it.

(Log in to post comments)

Solution: Sender Policy Framework

Posted May 6, 2004 16:28 UTC (Thu) by Ross (subscriber, #4065) [Link]

Maybe. It depends on what type of authentication the server requires.
Assuming the worst case, no authentication, it would still be an
inprovement because the messages would really be from the domain they
appear to be from. This makes it easier to contact admins, implement
filters, etc.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds