TMDA Re: [Gllug] New worm doing the rounds?

Alistair Mann alistair at
Tue Feb 17 18:54:18 UTC 2004


Thus spaketh Bruce Richardson on Tuesday 17 February 2004 3:48 pm:
> On Tue, Feb 17, 2004 at 12:25:18PM +0000, Alistair wrote:
> > I'm less optimistic about SPF. A greater problem than low value for early
> > adopters will be low value for all once widely adopted, as it is trivial
> > to circumvent: just make the envelope sender sufficiently accurate.
> No.  SPF can quite validly be used to validate From and Sender headers
> as well as the envelope sender.  

SPF would tend to reduce the utility of email address portability. It is 
useful for me when onsite to send email from my own work's email address. It 
is useful for sales managers -- bless their cotton socks -- to send from just 
one email address whether they be in the office, under a hotpoint or in a 
hotel in Sydney, AU. It is useful for the less computerate (ie, PHBs) to be 
able to send email from their work address from their dialup connection at 
home. SPF reduces the ability to do the above.

A wildcard would solve these problems, yet this 'cure' could be worse than the 
problem: a wildcard is useless to you for the reasons you have given 
elsewhere. It is useless to me as it offers nothing extra in return for 
another point of failure. It is use/ful/ to the spammer as users may 
erroneously believe that SPF has improved the odds that the email in front of 
them is legitimate.

SPF doesn't identify the sender to any greater level than date/time and IP 
address already do: could still forge his sender 
address as, so it is of no additional use in 
determining compromised machines. 

It is undoubtedly thinking along the right lines, yet the economics are bad: 
admins and users face a permanent increase in operating costs for a one-off 
increase in the fixed costs of spammers.

> In fact, it's often more useful to
> validate the headers than the envelope because some mail clients bollix
> the envelope sender.
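As an added illustration of the two points made above (not part of the original message or of any SPF implementation), a simplified SPF evaluator in Python: the strict record fails the roaming user sending from a hotel address, while the wildcard record passes the hotel and every other host alike, so it offers the recipient no assurance. The records and IP addresses are constructed from RFC 5737 documentation ranges; only the ip4, ip6 and all mechanisms are handled, with no DNS lookups.

```python
import ipaddress

# Constructed sample records, not real domains' policies.
STRICT_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"  # only the office relay may send
WILDCARD_RECORD = "v=spf1 +all"                  # the 'wildcard': any host may send

# SPF qualifier prefix -> result; a bare mechanism is implicitly '+'
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, sending_ip: str) -> str:
    """Evaluate a simplified SPF record against the connecting IP address.

    Mechanisms are tested left to right; the first match decides the result.
    Only ip4/ip6/all are supported here (a, mx, include, etc. need DNS).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sending_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIER[qualifier]  # matches every sender
        if name in ("ip4", "ip6"):
            # Version mismatch (v4 address vs v6 network) simply does not match.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIER[qualifier]
        else:
            raise NotImplementedError(f"mechanism '{name}' requires DNS resolution")
    return "neutral"  # nothing matched and no 'all' terminator


def roaming_comparison() -> dict:
    """The scenario from the thread: the same user mailing from the office
    relay and from a hotel connection, under each policy (constructed IPs)."""
    office, hotel = "192.0.2.25", "198.51.100.77"
    return {
        ("strict", "office"): evaluate_spf(STRICT_RECORD, office),      # pass
        ("strict", "hotel"): evaluate_spf(STRICT_RECORD, hotel),        # fail
        ("wildcard", "office"): evaluate_spf(WILDCARD_RECORD, office),  # pass
        ("wildcard", "hotel"): evaluate_spf(WILDCARD_RECORD, hotel),    # pass
    }
```

Under the wildcard record the hotel result is indistinguishable from any unrelated host, which is exactly why a "pass" from such a policy tells the recipient nothing.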
