[afrinic-anti-spam-discuss] Deploying SPF

Graham Beneke graham-ml at apolix.co.za
Tue Oct 2 18:28:52 SAST 2007

Alain Patrick AINA wrote:
> On Saturday 29 September 2007 09:06:42 am Graham Beneke wrote:
>> The reason that this is neccessary is that the original SMTP protocol
>> has no way of verifying the MAIL-FROM header that is transmitted during
>> the SMTP transaction.
> MAIL-FROM: the Reverse-Path , the sender e-mail ?

SPF checks the address that is presented as the "Return-Path:" within 
the email headers however if you follow the actual SMTP transaction then 
it is presented as "MAIL FROM:<sender at address>" hence why it is 
generally referred to as the MAIL-FROM or MFROM address.

> Folk  verify that by checking if  the sender domain exist( has a mx or A 
> record....)  and check the local-part with VRFY or other means.

This allows you to verify the validity of an address but it provides you 
with absolutely no assurance of the validity of the sender.

Spammers are generally ahead of the game in terms making their mail 
servers compliant with the technical requirements. There is very little 
spam being sent that will not pass a domain lookup and a VRFY test. 
Hence the huge importance of SPF to prevent spammers forging MAIL-FROM 
addresses of legitimate mail senders.

Graham Beneke
Apolix Internet Services
E-Mail/MSN/Jabber: graham at apolix.co.za   Skype: grbeneke
VoIP: 087-750-5696                       Cell: 082-432-1873

More information about the anti-spam mailing list