On Tue, 2004-10-26 at 00:06 +0100, David Woodhouse wrote: > On Mon, 2004-10-25 at 00:12 -0400, Paul Iadonisi wrote: > > Something else to note about this fake security alert. Red Hat > > publishes an SPF record, > > That is an unfortunate error of judgement on their part. Let's not > compound it by advocating the fundamentally flawed snake oil which is > SPF in an inappropriate forum. SPF does 100% of what it was intended to do. If it doesn't do what you thought it did, that's your own damn fault for not understanding what it does. People seem to ASSume that SPF is a technology to stop spam or forged emails. It isn't and never was. Anyone who took any time to understand how it worked, and who actually read the documentation, knew this. The architect of SPF, Meng Weng Wong, is working on a revised edition that *does* stop forged emails and most spam. It protects all parts of an email, including the From header, which is what is most important in terms of forgery (such as the mail we're discussing). For the spam end of the solution, it still requires a authorization service (SPF authenticates what the mail really is - not if its spam or not), but it makes said authorization server operate at total effectiveness. If you're going to bash a perfectly legitimate technology that does everything it's intended to do, and is capable of doing everything everyone *wants* it to do in its new edition, I suggest you be a tad more mature and provide real arguments against it instead of using childish insults against the technology and its adopters. > > -- > dwmw2 > >
