On Thu, 2005-01-13 at 12:41 -0500, John R Levine wrote:
Signature schemes ask yet a different question. Whereas SPF asks "could
the message have come from this domain", signature schemes ask "did the
message come from this domain." That's a different and considerably
The way I prefer to see/phrase this is that SPF offers a _whitelist_. It
can say 'yes' or it can say 'maybe'. It can't reliably say 'no'.
It's only a 'no' result which is _really_ useful because that's what
allows us to _reject_ email. SPF can only sensibly be used for bypassing
other checks for known-trusted senders, not for rejecting mail.