Security threats Toolkit
Story: Experts clash over merits of anti-spam authentication
Posted by: Neil Murray (Monday 10 October 2005, 5:27 PM)
SPF was merely intended as an anti-forgery solution, not a solution to phishing or spam. Every now and then we get an "expert" who pops up and tells us that it won't work as an anti-spam solution. Amazing!
SPF is just a single piece of the puzzle. The fact is that we, at some point, must agree on a way to authenticate email. If this means using SPF or Sender-ID or DKIM or some other solution - then we need to progress these technologies.
SMTP is broken from a security point of view - and it'll take some pain to fix it. SPF has flaws as well - but it got us thinking in the right direction.
Full Talkback thread
Story: Experts clash over merits of anti-spam authentication
-
Hi
I manage the antispam ops at Outblaze, and we'r... Suresh Ramasubramanian -
SPF is designed to stop email forgery. It is... Wayne Schlitt -
SPF was merely intended as an anti-forgery solutio... Neil Murray -
I would be very happy to have viruses stop forging... Anonymous
-
Mail authentication is wishful thinking because it... Arthur B.
Back to: Experts clash over merits of anti-spam authentication
