SPF question

[Christopher Browne]

On Oct 31, 2007 5:35 PM, Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org> wrote:
> On Wed, Oct 31, 2007 at 04:41:00PM +0000, Christopher Browne wrote:
> > SPF *may* also make sense for large entities that:
> > a) Send out a lot of mail, and
> > b) Are targets for fraudulent mail
> >
> > EBay and PayPal would fit into that category, as would banks.
> >
> > It seems not too outrageous for them to try to tell the world things like:
> >
> > "If you get mail claiming to be from our domain that doesn't contain
> > our digital signature, then we're willing to suggest that it is
> > fraudulent and may be safely thrown away."
>
> Well since not everyone insists on checking SPF, there are plenty of
> ways for those scams to get through anyhow.

Sure, but it's not a zero-sum game.  If this mechanism meant that
those users of Yahoo, Google, and Hotmail were no longer "pestered" by
fraudulent email from a dozen SPFed sources, that would remove
millions of messages per week, and presumably eliminate some non-zero
quantity of frauds from being perpetrated.

It might not help you, but it would be a help.

> A much better way to deal
> with those phishing emails is to make people less stupid.  Not sure how
> much luck we will have on that.  Perhaps I am overly optimistic in the
> average ability of the population as a whole.

The thing is, the Nigerian "419 scams" date back decades, and
evidently continue to be effective because of the combination of greed
and gullibility.  They were happening before email existed.

The essential problems are not technical ones...
-- 
http://linuxfinances.info/info/linuxdistributions.html
"...  memory leaks  are  quite acceptable  in  many applications  ..."
(Bjarne Stroustrup, The Design and Evolution of C++, page 220)
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists