SPF was->(Re: Yahoo Developing Open Source Server Software For Spam-Resista nt E-Mail)

David Höhn dh at UPTIME.AT
Thu Dec 18 07:08:58 GMT 2003

Hash: RIPEMD160

Nick Phillips wrote:
| On Mon, Dec 15, 2003 at 05:38:48PM +0000, Julian Field wrote:
|>Your assumption is fine for little ISPs. But what about the Yahoos and
|>of this world? They would have to manage thousands and thousands of
|>for their customers. They are also using dynamic IP allocation, so they
|>would have to allow all their IP addresses to send mail as coming from any
|>customer-owned domain name.
|>So user1 has "friendly.com" and user2 is a spammer. User2 can send mail
|>from "friendly.com" and there's not much you can do to stop him. The only
|>chance is to change all the DNS records, saying who can send what from
|>where, every time a user logs in and logs out. Impossible.
|>I have yet to see any solution to this problem which
|>(a) actually works, even in theory (most are based on broken logic)
|>(b) scales to large ISPs
| Y'all pop by http://spf.pobox.com and have a look. It's kind of similar
| to what Yahoo are trying to do, from what I've heard (or more like


As far as I can see this requires the use of SASL and SMTP AUTH. This is
exactly where problems for very large ISP and even small time users
start. In my humble opinion, even though I would like to see SMTP AUTH
and SASL used more often, that is a cludge for mayn that are working at
a huge ISP. First of all because I need to find a way to keep the SASL
data synched over possibly 20 or more MailServer and I need to explain
to every user how she/he can use SMTP-AUTH. Not to mention that some
MUAs (no I am not looking at your MUAs Microso....) only support
insecure authentication methods which I would not ever want to recommend
to a roaming or even a remote user.

While I find the idea interesting I simply think that this is the
show-stopper. But them again, I would to be incorrect on this one.

- -d

- --
nee amata wo mitsukete soshite midoto wasrezu
~     domma mi mumega itakutemo soba mi iru mo
~                        zutto...zutto...zutto
Version: GnuPG v1.2.3 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the MailScanner mailing list