[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: warning to list



On Tue, 2004-10-26 at 00:06 +0100, David Woodhouse wrote:
> On Mon, 2004-10-25 at 00:12 -0400, Paul Iadonisi wrote:
> >   Something else to note about this fake security alert.  Red Hat
> > publishes an SPF record,
> 
> That is an unfortunate error of judgement on their part. Let's not
> compound it by advocating the fundamentally flawed snake oil which is
> SPF in an inappropriate forum.

SPF does 100% of what it was intended to do.  If it doesn't do what you
thought it did, that's your own damn fault for not understanding what it
does.

People seem to ASSume that SPF is a technology to stop spam or forged
emails.  It isn't and never was.  Anyone who took any time to understand
how it worked, and who actually read the documentation, knew this.

The architect of SPF, Meng Weng Wong, is working on a revised edition
that *does* stop forged emails and most spam.  It protects all parts of
an email, including the From header, which is what is most important in
terms of forgery (such as the mail we're discussing).  For the spam end
of the solution, it still requires a authorization service (SPF
authenticates what the mail really is - not if its spam or not), but it
makes said authorization server operate at total effectiveness.

If you're going to bash a perfectly legitimate technology that does
everything it's intended to do, and is capable of doing everything
everyone *wants* it to do in its new edition, I suggest you be a tad
more mature and provide real arguments against it instead of using
childish insults against the technology and its adopters.

> 
> -- 
> dwmw2
> 
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]