cef at optus.net
Thu Nov 3 00:46:24 GMT 2005
On Thursday 03 November 2005 09:14, Paul Marsh wrote:
> I was reading Mark Minasi's monthly newsletter
> http://www.minasi.com/thismonth.htm, always a good read. This month he
> covers the topic of SPF Sender Protection Framework as it relates to
> reducing spam. To be honest I've never heard of it but it looks like it
> could help reduce spam for the time being? I also noticed some key
> domains are already using SPF. What's the general consensus regarding
I've known about SPF for a long time.
There is really 2 parts to SPF:
Publishing SPF records in your DNS (TXT records in SPF format)
Checking these records on mail that comes in
The first part is easy, and gives anyone who is actually using SPF on
reception of mail the chance to do their job. I try to add the records to any
domain I work with. I've seen a lot of spam that hands itself off as a number
of addresses that are either under my control or actually belong to me, so I
can see the usefulness of this. I've used SPF on reception a number of times
and it does make an appreciatable dent in the spam and automated email
exploits/virii that go around.
DNS poisioning can of course change things, and it doesn't protect you from
that, as it's not meant to. There are other ways around it that it doesn't
protect against, but once again, that isn't it's job. It's just extra
infomation in the DNS that says what machines can send mail for that domain.
And for that, I think it's particularly effective, if not really standardised
in any way.
It's not the be-all and end-all of spam protection, but it's definitely better
Stuart Young - aka Cefiar - cef at optus.net
More information about the list