----- Original Message -----
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>; "jpinkerton"
Sent: Monday, December 06, 2004 10:12 PM
Subject: Re: [spf-discuss] FairUCE
Quoting jpinkerton <johnp(_at_)idimo(_dot_)com>:
Yes - and it's another case of someone else *possibly* using spf records
something that wasn't in the SPF designers heads.
Sounds to me like the only thing they're using SPF for is to say that if
in place to provide forgery prevention they'll forego confirmation. Not
unreasonable decision, especially once we get to the point where MTAs will
SMTP AUTH to prevent in-server spoofing...
True - but it's a short step from using spf records as "we" intend them to
be used, albeit in some other environment, to them using the records to do
their own checks in some way that we had not forseen.
I am merely re-inforcing the point I was making earlier about the fact that
the use of spf records is out of our control. We have to live with that
fact, and publish a nice page of usages that we know of, with information
on their (dis)advantages.