Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
One major assumption needing corrected is the assumed scope implied by
an v=spf1 record. There are vendors able to exercise significant
influence with respect to their view of the scope implied by this
record. You have another group that feels they can declare a default
scope, in a manner they consider appropriate, albeit in conflict.
This is a political issue, and not a flaw in the technical proposal.
SPF is handing a dangerous tool to the domain owner without advising
them of the serious risks they assume when publishing. I find that
outrageous.
As you've said. The proponents have disagreed, and "never the twain
shall meet."
I offered suggestions that a domain assertion could be added to the CSV
record that indicates all of a domain's emails are signed.
Which is a great idea.
Alan DeKok.