Security threats Toolkit
Story: Experts clash over merits of anti-spam authentication
Posted by: Suresh Ramasubramanian (Monday 10 October 2005, 4:22 PM)
Hi
I manage the antispam ops at Outblaze, and we're a large ISP with over 40 million users.
We were probably the first large ISP to discard SPF after publishing conservative SPF records for over a year, in late february 2005.
Earthlink followed us in July, dropping their SPF record - and this was picked up by the press as well.
Beginning of a trend I guess... and Nick Fitzgerald is right. Just like a lot of the other people cited in the article are just plain wrong.
My rationale behind dropping spf is at http://www.circleid.com/article.php?id=1039_0_1_0_C/ - and was a reply to a previous ZDNET story by George Ou, which had similar ideas on how spf could stop the botnet problem
A further overview by ASRG chair John Levine on how and why SPF Is losing mindshare, which has a pointer to a MAAWG whitepaper on SPF (MAAWG being the Messaging Anti Abuse Working Group, an association of antispam teams from different ISPs around the world.. i'd call it the nanog of antispam, as it is focused on operational issues as opposed to vendor product pitches). - http://www.circleid.com/article/1157_0_1_0_C/
http://www.circleid.com/article/1178_0_1_0_C/
regards
--srs
Full Talkback thread
Story: Experts clash over merits of anti-spam authentication
-
Hi
I manage the antispam ops at Outblaze, and we'r... Suresh Ramasubramanian -
SPF is designed to stop email forgery. It is... Wayne Schlitt -
SPF was merely intended as an anti-forgery solutio... Neil Murray
-
I would be very happy to have viruses stop forging... Anonymous
-
Mail authentication is wishful thinking because it... Arthur B.
Back to: Experts clash over merits of anti-spam authentication
