[afrinic-anti-spam-discuss] Deploying SPF
Graham Beneke
graham-ml at apolix.co.za
Tue Oct 2 18:28:52 SAST 2007
Alain Patrick AINA wrote:
> On Saturday 29 September 2007 09:06:42 am Graham Beneke wrote:
>> The reason that this is neccessary is that the original SMTP protocol
>> has no way of verifying the MAIL-FROM header that is transmitted during
>> the SMTP transaction.
>
> MAIL-FROM: the Reverse-Path , the sender e-mail ?
SPF checks the address that is presented as the "Return-Path:" within
the email headers however if you follow the actual SMTP transaction then
it is presented as "MAIL FROM:<sender at address>" hence why it is
generally referred to as the MAIL-FROM or MFROM address.
> Folk verify that by checking if the sender domain exist( has a mx or A
> record....) and check the local-part with VRFY or other means.
This allows you to verify the validity of an address but it provides you
with absolutely no assurance of the validity of the sender.
Spammers are generally ahead of the game in terms making their mail
servers compliant with the technical requirements. There is very little
spam being sent that will not pass a domain lookup and a VRFY test.
Hence the huge importance of SPF to prevent spammers forging MAIL-FROM
addresses of legitimate mail senders.
--
Graham Beneke
Apolix Internet Services
E-Mail/MSN/Jabber: graham at apolix.co.za Skype: grbeneke
VoIP: 087-750-5696 Cell: 082-432-1873
http://www.apolix.co.za/
More information about the anti-spam
mailing list