[unisog] Numeric SPAM

Paul Russell prussell at nd.edu
Tue Jun 6 17:56:54 GMT 2006


On 6/6/2006 11:43, Valdis.Kletnieks at vt.edu wrote:
> And that's probably SPF's biggest problem - you can't really *rely* on it
> to stop forgeries until a vast majority of sites publish a hardfail SPF,
> including *all* the 800pound gorillas.  AOL has a ?all, Hotmail and MSN
> both show a ~all.  And so on.

Whether SPF can or cannot detect forged sender address from external domains
is not the issue in this case. One of the characteristics of the spam that
started this thread is that the recipient address is forged as the sender
address. You should not need SPF to determine whether sender addresses in your
own domain are forged on messages presented to your own servers.

-- 
Paul Russell, Senior Systems Administrator
OIT Messaging Services Team
University of Notre Dame
prussell at nd.edu


More information about the unisog mailing list