Is SPF a useful methodology for identifying spam email?
"pwrichcreek" wrote in message
...
Thanks Norman, your reply sheds some additional light.
It still puzzles me why a site such as paypal, which seems always to be in
the spotlight regarding emails claiming, falsely, to originate from their
site, would not be eager to maintain SPF information for their domain.
Most
of the emails I've gotten from paypal -- and these are ones that WERE NOT
phony -- are identified by QURB as "not verified".
Phil
"N. Miller" wrote:
On Wed, 16 Jan 2008 10:19:03 -0800, pwrichcreek wrote:
Is there someone here who can shed light on the effectiveness of SPF in
general? Are there any of the "biggies" that use SPF -- paypal, ebay,
microsoft, the larger banking institutions?
SPF is only of limited usefulness, hardly useful at all for detecting
spam;
unless you operate on the assumption that only spammers are using SPF.
And
spammers have really jumped on the SPF bandwagon.
The theory behind SPF is that the owner of a domain declares, through a
DNS
"TXT" record, that only the IP addresses specified in that DNS record are
authorized to send email for that domain. Thus, if you receive email
purporting to be from that domain, but the source IP address is not in
the
DNS record, it can be considered suspicious. But not all domains have SPF
records (more don't than do), not all SPF records are accurate, or
current,
and many spammers have registered domains with an SPF record, so their
spam
will pass a domain SPF check.
In conclusion, it really isn't terribly useful at identifying spam;
DNSBLs
are, still, the most accurate check for the likeliness that any given
email
is spam.
--
Norman
~Shine, bright morning light,
~now in the air the spring is coming.
~Sweet, blowing wind,
~singing down the hills and valleys.
|