[DShield] SPF is fundamentally flawed

John Hardin johnh at aproposretail.com
Fri Feb 20 00:45:19 GMT 2004


On Thu, 2004-02-19 at 15:25, Erik van Straten wrote:

> AOL's MTA's are RFC-compliant. However AOL has introduced SPF records
> (which is why I used them as an example) probably because spammers often
> use MAIL FROM: <someone at aol.com> from *any* backdoored PC in the world.
> This causes AOL to get many bounces for spams that cannot be delivered,
> while it did not originate from AOL PC's.

They'd better remove the "?all" then, if they want SPF to have any
benefit...

--
John Hardin  KA7OHZ                           
Internal Systems Administrator/Guru               voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r
-----------------------------------------------------------------------
 11 days until ICQ Corp goes away - have you installed Jabber yet?




More information about the list mailing list